[wp-trac] [WordPress Trac] #41340: fsockopen HTTP Proxy support is broken for HTTPS URLs

WordPress Trac noreply at wordpress.org
Sun Jul 16 12:47:06 UTC 2017


#41340: fsockopen HTTP Proxy support is broken for HTTPS URLs
--------------------------+-----------------------------
 Reporter:  flameeyes     |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  4.8
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 First of all, a little bit of background on HTTP proxies.

 "HTTP proxies" can exist with and without TLS at the proxy level. Both
 varieties allow you to connect to HTTPS hosts, through the CONNECT method
 (https://tools.ietf.org/html/rfc7231#section-4.3.6).

 This means that there are four different valid combinations of TLS at
 proxy connection level and TLS at remote host connection level.

 WordPress only allows setting a single proxy host (and port), but provides
 no configuration for whether it should be connected through TLS. The curl
 code correctly interprets this as using a non-TLS HTTP proxy for both HTTP
 and HTTPS connections.

 fsockopen instead will use the remote host TLS (ssl) option even when
 opening the connection to the Proxy, effectively forcing the same
 host:port pair to be used both as TLS and not, which does not generally
 work. Resulting in these error connections:

 HTTP proxy with no TLS:

  - https://api.wordpress.org/ -> tries connecting to proxy with tls, fail.
  - http://api.wordpress.org/ -> works

 HTTP proxy with TLS:

  - https://api.wordpress.org/ -> (probably? -- haven't tried) works
  - http://api.wordpress.org/ -> tries connecting to proxy without tls,
 fail.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/41340>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list