[wp-trac] [WordPress Trac] #41340: fsockopen HTTP Proxy support is broken for HTTPS URLs
WordPress Trac
noreply at wordpress.org
Sun Jul 16 12:47:06 UTC 2017
#41340: fsockopen HTTP Proxy support is broken for HTTPS URLs
--------------------------+-----------------------------
Reporter: flameeyes | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 4.8
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
First of all, a little bit of background on HTTP proxies.
"HTTP proxies" can exist with and without TLS at the proxy level. Both
varieties allow you to connect to HTTPS hosts, through the CONNECT method
(https://tools.ietf.org/html/rfc7231#section-4.3.6).
This means that there are four different valid combinations of TLS at
proxy connection level and TLS at remote host connection level.
WordPress only allows setting a single proxy host (and port), but provides
no configuration for whether it should be connected through TLS. The curl
code correctly interprets this as using a non-TLS HTTP proxy for both HTTP
and HTTPS connections.
fsockopen instead will use the remote host TLS (ssl) option even when
opening the connection to the Proxy, effectively forcing the same
host:port pair to be used both as TLS and not, which does not generally
work. Resulting in these error connections:
HTTP proxy with no TLS:
- https://api.wordpress.org/ -> tries connecting to proxy with tls, fail.
- http://api.wordpress.org/ -> works
HTTP proxy with TLS:
- https://api.wordpress.org/ -> (probably? -- haven't tried) works
- http://api.wordpress.org/ -> tries connecting to proxy without tls,
fail.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/41340>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list