RE: [PHP-DEV] Re: networking.c and fopen wrappers etc. (was RE: [ PHP-DEV] some IPv6 code added, compile problems anyone?) From: Wez Furlong (Wez <email protected>)
Date: 09/07/00

Hi Stig,

Heres a diff.

Things that are modified are:

ext/standard/config.m4: borrows the OpenSSL detection from ext/snmp.
This will need sorting out, as there will most likely be conflict if you
build in the snmp module.

ext/standard/fsock.h: added an "ssl" field to the php_sockbuf for holding
SSL state.

ext/standard/file.c: fwrite(): added a call to php_sock_ssl_send() which
figures out if it is an SSL socket or not, and calls SSL_write if required.
This probably should be incorporated into the SOCK_WRITEL macro call.

/ext/standard/fsock.c: fsockopen(): added code to check for "ssl://" or
"tls://" as a protocol. If present, it calls php_sockcreate so we can store
the SSL state. This also allows us to detect that the socket is SSL enabled
in the read/write code.
The socket read code checks for SSL and uses SSL_read() inplace of recv().

The patch isn't perfect: if you don't configure with ssl support the build
will break because I put an #ifdef in the wrong place, and I just noticed
that non-blocking reads on the SSL socket might not work as expected
(oops!), but seeing as this was a quick attempt to get SSL support going, I
dont think it really matters.

It might be an idea to make the protocol detection in fsockopen more
generic, or move it to your new host connect call somehow. This would then
make it easy for the http fopen-wrapper to use HTTPS (which is one of the
things I would make use of the most).

It would be nice to allow the user to verify certs etc. using the SSL API
just by passing the socket you get back from fsockopen as the "handle".

The nice thing about using OpenSSL is that it is very lightweight,
especially if your server is already using mod_ssl. (Although I haven't used
cURL, I have heard that it is a bit "heavy").

Anyway, I will leave it to you to look through and see how it fits into your
plans.

Yes, I have my CVS account now (thanks Rasmus), but I won't be able to make
much use of it this weekend as I am going away early in the morning until
Sunday :-(

--Wez.

> -----Original Message-----
> From: Stig Venaas [mailto:Stig.Venaas <email protected>]
> Sent: 07 September 2000 12:37
> To: Wez Furlong
> Cc: php-dev <email protected>
> Subject: [PHP-DEV] Re: networking.c and fopen wrappers etc. (was RE:
> [PHP-DEV] some IPv6 code added, compile problems anyone?)
>
>
> On Wed, Sep 06, 2000 at 08:19:43PM +0100, Wez Furlong wrote:
> > Stig,
> >
> > I have a patch (against 4.0.1pl2) that allowed you to use
> SSL (from OpenSSL)
> > on sockets opened via fsockopen. fread and fwrite would
> use the appropriate
> > openSSL functions for data transfer.
> >
> > I would like to see this used/usable from the fopen-wrappers.
> >
> > I asked for CVS write access ("the guys on the board" seem
> a bit busy, as I
> > haven't heard anything of it), so we can collaborate on
> this, or I can send
> > you the patch and let you do all the work ;-)
>
> This sounds interesting, could I see your current patch? I'm just
> wondering what needs to be done upon connect and what needs to be done
> when reading/writing data. I would like to see how this can
> be integrated
> with the hostconnect approach, and if it's easy to make it general so
> that other code than the fopen-wrappers can use SSL easily. Your patch
> should answer my questions I think. If people want SSL they could also
> use cURL, but if it's easy to add SSL support in a generic way, then I
> think it's good.
>
> I see you got your account now.
>
> Stig
>
> --
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
> For additional commands, e-mail: php-dev-help <email protected>
> To contact the list administrators, e-mail:
> php-list-admin <email protected>
> 

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>