PHP :: Bug #59481 :: oauthprovider does not works on an apache https server

Bug #59481	oauthprovider does not works on an apache https server
Submitted:	2010-10-28 05:41 UTC	Modified:	2011-01-15 13:33 UTC
From:	lidaobing at gmail dot com	Assigned:	jawed (profile)
Status:	Suspended	Package:	oauth (PECL)
PHP Version:	5.3.2	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	lidaobing at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2010-10-28 05:41 UTC] lidaobing at gmail dot com

Description:
------------
I found that oauthprovider (r304239 from
http://svn.php.net/repository/pecl/oauth/trunk) does not 
works on a
https server,

after inspect on the OAuthException, it sounds that if 
construct a url
with http://domain.nam/path instead of 
https://domain.nam/path

a workaround for this is add following line in your apache 
virtualHost config

SetEnv HTTP_X_FORWARDED_PROTO https


after inspect provider.c, I found that it use a strange way 
to inspect
whether the protocol is https or http, how about the https 
server is
not open on port 443?

thanks

$ grep -C 3 443  provider.c
               if(proto && Z_STRLEN_PP(proto)) {
                       spprintf(&tmp, 0, "%s://%s%s",
Z_STRVAL_PP(proto), Z_STRVAL_PP(host), Z_STRVAL_PP(uri));
               } else {
                       spprintf(&tmp, 0, "http%s://%s%s",
Z_LVAL_PP(port)==443?"s":"", Z_STRVAL_PP(host), 
Z_STRVAL_PP(uri));
               }
               return tmp;
       }


other information:

$ pecl list
Installed packages, channel pecl.php.net:
=========================================
Package  Version State
memcache 2.2.6   stable
mongo    1.0.9   stable


$ grep ^extension /etc/php5/apache2/*  \
/etc/php5/apache2/conf.d/*
/etc/php5/apache2/php.ini:extension=mongo.so
/etc/php5/apache2/php.ini:extension=oauth.so
/etc/php5/apache2/php.ini:extension=memcache.so
/etc/php5/apache2/conf.d/curl.ini:extension=curl.so
/etc/php5/apache2/conf.d/gd.ini:extension=gd.so
/etc/php5/apache2/conf.d/mysqli.ini:extension=mysqli.so
/etc/php5/apache2/conf.d/mysql.ini:extension=mysql.so
/etc/php5/apache2/conf.d/pdo.ini:extension=pdo.so
/etc/php5/apache2/conf.d/pdo_mysql.ini:extension=pdo_mysql.s
o


Expected result:
----------------
OAuth passed

Actual result:
--------------
OAuth return 401

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-01-15 13:33 UTC] jawed@php.net

You're correct, OAuthProvider should provide a method to 
override the protocol internally. Thanks for the feedback.

- JJ

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 13:01:31 2024 UTC