php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59481 oauthprovider does not works on an apache https server
Submitted: 2010-10-28 05:41 UTC Modified: 2011-01-15 13:33 UTC
From: lidaobing at gmail dot com Assigned: jawed (profile)
Status: Suspended Package: oauth (PECL)
PHP Version: 5.3.2 OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2010-10-28 05:41 UTC] lidaobing at gmail dot com
Description:
------------
I found that oauthprovider (r304239 from
http://svn.php.net/repository/pecl/oauth/trunk) does not 
works on a
https server,

after inspect on the OAuthException, it sounds that if 
construct a url
with http://domain.nam/path instead of 
https://domain.nam/path

a workaround for this is add following line in your apache 
virtualHost config

SetEnv HTTP_X_FORWARDED_PROTO https


after inspect provider.c, I found that it use a strange way 
to inspect
whether the protocol is https or http, how about the https 
server is
not open on port 443?

thanks

$ grep -C 3 443  provider.c
               if(proto && Z_STRLEN_PP(proto)) {
                       spprintf(&tmp, 0, "%s://%s%s",
Z_STRVAL_PP(proto), Z_STRVAL_PP(host), Z_STRVAL_PP(uri));
               } else {
                       spprintf(&tmp, 0, "http%s://%s%s",
Z_LVAL_PP(port)==443?"s":"", Z_STRVAL_PP(host), 
Z_STRVAL_PP(uri));
               }
               return tmp;
       }


other information:

$ pecl list
Installed packages, channel pecl.php.net:
=========================================
Package  Version State
memcache 2.2.6   stable
mongo    1.0.9   stable


$ grep ^extension /etc/php5/apache2/*  \
/etc/php5/apache2/conf.d/*
/etc/php5/apache2/php.ini:extension=mongo.so
/etc/php5/apache2/php.ini:extension=oauth.so
/etc/php5/apache2/php.ini:extension=memcache.so
/etc/php5/apache2/conf.d/curl.ini:extension=curl.so
/etc/php5/apache2/conf.d/gd.ini:extension=gd.so
/etc/php5/apache2/conf.d/mysqli.ini:extension=mysqli.so
/etc/php5/apache2/conf.d/mysql.ini:extension=mysql.so
/etc/php5/apache2/conf.d/pdo.ini:extension=pdo.so
/etc/php5/apache2/conf.d/pdo_mysql.ini:extension=pdo_mysql.s
o


Expected result:
----------------
OAuth passed

Actual result:
--------------
OAuth return 401

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-01-15 13:33 UTC] jawed@php.net
You're correct, OAuthProvider should provide a method to 
override the protocol internally. Thanks for the feedback.

- JJ
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Wed Dec 02 10:01:24 2020 UTC