php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #52913 Incorrect SNI (Server name indicator) when using a SoapClient through a proxy
Submitted: 2010-09-23 16:23 UTC Modified: 2016-09-12 17:58 UTC
Votes:33
Avg. Score:4.4 ± 0.9
Reproduced:30 of 30 (100.0%)
Same Version:17 (56.7%)
Same OS:0 (0.0%)
From: terje dot gjerde at visma dot no Assigned:
Status: Open Package: SOAP related
PHP Version: 5.3.3 OS: Windows Server 2008 r2
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: terje dot gjerde at visma dot no
New email:
PHP Version: OS:

 

 [2010-09-23 16:23 UTC] terje dot gjerde at visma dot no
Description:
------------
When calling a url on apache server with name "APACHESERVER" through a proxy with name "PROXY" the following error occurs:

Hostname PROXY provided via SNI and hostname APACHESERVER provided via HTTP are different

ie calling url:

https://APACHESERVER/ws.php

with proxy at:
http://PROXY:8080/

Test script:
---------------
    $config = array('location' => WEBSERVICE_LOCATION,
                                    'classmap' => $wsclassmap,
                                    'trace' => 1,
                                    );

    if (WEBSERVICE_PROXY_HOST && WEBSERVICE_PROXY_PORT) {
        $config['proxy_host'] = WEBSERVICE_PROXY_HOST;
        $config['proxy_port'] = WEBSERVICE_PROXY_PORT;
    }

    $ws_client = new SoapClient($wsdl,$config);


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-06-26 16:58 UTC] daniel dot buschke at nextiraone dot eu
Workaround:

Locallly override APACHESERVER with the IP of PROXY in hosts file and set APACHESERVER as $config['proxy_host']. This is very ugly but works (for us).

cheers
Daniel
 [2012-07-02 08:17 UTC] daniel dot buschke at nextiraone dot eu
We have reproduced this bug in PHP 5.3.10 on Linux (OpenWRT).

If you set an IP as proxy, PHP is shouting an internal IP address out to the world. I think that is critical, isn't it?

regards
Daniel
 [2013-05-21 07:40 UTC] taneli at crasman dot fi
You can workaround this option by specifying a SNI_server_name in a stream context like this:

$wsdl = 'http://what.ever.host/service.wsdl';
$host = parse_url($wsdl, PHP_URL_HOST);
$opts = array('ssl' => array('SNI_server_name' => $host,
                             'SNI_enabled' => TRUE));
$context = stream_context_create($opts);
$soap = new \SoapClient($wsdl, array('proxy_host' => 'localhost', 'proxy_port' => 8080, 'stream_context' => $context));
 [2016-09-12 17:58 UTC] bukka@php.net
-Package: OpenSSL related +Package: SOAP related
 [2016-09-12 17:58 UTC] bukka@php.net
There is no limitation for this in OpenSSL extensions so this is just SOAP related.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Apr 25 15:01:30 2024 UTC