php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74796 Requests through https:// with http proxy set altering default context
Submitted: 2017-06-22 11:06 UTC Modified: 2018-08-20 17:22 UTC
Votes:10
Avg. Score:3.9 ± 0.9
Reproduced:7 of 8 (87.5%)
Same Version:6 (85.7%)
Same OS:5 (71.4%)
From: anrdaemon at freemail dot ru Assigned:
Status: Verified Package: Streams related
PHP Version: 7.1.6 OS: Windows, Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: anrdaemon at freemail dot ru
New email:
PHP Version: OS:

 

 [2017-06-22 11:06 UTC] anrdaemon at freemail dot ru
Description:
------------
Adding http proxy to default stream context making addressing different HTTPS domains in the same script impossible.
First request to HTTPS site after associating a http proxy sets ssl context to a single peer name and requests to any other domain will fail.

Tested with 7.1.6 and 5.6.30 on Windows and Ubuntu Linux.

Test script:
---------------
<?php

stream_context_set_default([
  "https" => [
    "proxy" => "tcp://proxy:3128"
    ],
]);
var_dump(stream_context_get_options(stream_context_get_default()));
file_get_contents("https://www.google.com/"); // fine
var_dump(stream_context_get_options(stream_context_get_default()));
file_get_contents("https://www.yahoo.com/"); // fine
var_dump(stream_context_get_options(stream_context_get_default()));
stream_context_set_default([
  "http" => [
    "proxy" => "tcp://proxy:3128"
    ],
]);
var_dump(stream_context_get_options(stream_context_get_default()));
file_get_contents("https://www.google.com/"); // fine
var_dump(stream_context_get_options(stream_context_get_default())); // ssl:peer_name is set
file_get_contents("https://www.yahoo.com/"); // Peer certificate CN=`*.www.yahoo.com' did not match expected CN=`www.google.com' in ...
var_dump(stream_context_get_options(stream_context_get_default()));


Expected result:
----------------
array(1) {
  ["https"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
}
array(1) {
  ["https"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
}
array(1) {
  ["https"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
}
array(2) {
  ["https"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
  ["http"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
}
array(3) {
  ["https"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
  ["http"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
}
array(3) {
  ["https"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
  ["http"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
}


Actual result:
--------------
array(1) {
  ["https"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
}
array(1) {
  ["https"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
}
array(1) {
  ["https"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
}
array(2) {
  ["https"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
  ["http"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
}
array(3) {
  ["https"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
  ["http"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
  ["ssl"]=>
  array(1) {
    ["peer_name"]=>
    string(14) "www.google.com"
  }
}
PHP Warning:  file_get_contents(): Peer certificate CN=`*.www.yahoo.com' did not match expected CN=`www.google.com' in test.php on line 21
PHP Warning:  file_get_contents(https://www.yahoo.com/): failed to open stream: Cannot connect to HTTPS server through proxy in test.php on line 21
array(3) {
  ["https"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
  ["http"]=>
  array(1) {
    ["proxy"]=>
    string(16) "tcp://proxy:3128"
  }
  ["ssl"]=>
  array(1) {
    ["peer_name"]=>
    string(14) "www.google.com"
  }
}


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-06-22 11:42 UTC] anrdaemon at freemail dot ru
And I just found out that settings "https" context has no effect.
Both "https://" and "http://" URL's fall into "http" context.
WHY?…
 [2018-08-20 17:22 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2018-08-20 17:22 UTC] cmb@php.net
This issue has been introduced by fixing bug #67609.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 19:01:29 2024 UTC