author | Renato Botelho <renato@netgate.com> | 2015-11-20 09:30:07 -0200 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-11-20 09:30:07 -0200 |
commit | 8540bdcbb64162f9afb3361f395c0e4f301312b2 (patch) | |
tree | a8efc65616ea49c10a3d180d80ef9ca36f4eb4ca /src/etc/inc/xmlrpc_client.inc | |
parent | 14c8170db3196a834e1cbcedc8b560341bd781a0 (diff) | |
download | pfsense-8540bdcbb64162f9afb3361f395c0e4f301312b2.zip pfsense-8540bdcbb64162f9afb3361f395c0e4f301312b2.tar.gz |
Fix #5329
Since PHP 5.6, fsockopen() checks SSL certificates. xmlrpc_client
is used only for HA today, so it's safe to disable this check.
Since fsockopen() doesn't provide a way to disable it, move the code to
stream_socket_client().
Diffstat (limited to 'src/etc/inc/xmlrpc_client.inc')
-rw-r--r-- | src/etc/inc/xmlrpc_client.inc | 57 |
1 files changed, 20 insertions, 37 deletions
diff --git a/src/etc/inc/xmlrpc_client.inc b/src/etc/inc/xmlrpc_client.inc
index fbbf977..57d1d83 100644
--- a/src/etc/inc/xmlrpc_client.inc
+++ b/src/etc/inc/xmlrpc_client.inc
@@ -911,38 +911,29 @@ class XML_RPC_Client extends XML_RPC_Base {
 print "\n---END---</pre>\n";
 }
- /*
- * If we're using a proxy open a socket to the proxy server
- * instead to the xml-rpc server
- */
+ $ctx_options = array();
+
+ /* Add proxy to context when it's set */
 if ($this->proxy) {
- if ($this->proxy_protocol == 'http://') {
- $protocol = '';
- } else {
- $protocol = $this->proxy_protocol;
- }
- if ($timeout > 0) {
- $fp = @fsockopen($protocol . $this->proxy, $this->proxy_port,
- $this->errno, $this->errstr, $timeout);
- } else {
- $fp = @fsockopen($protocol . $this->proxy, $this->proxy_port,
- $this->errno, $this->errstr);
- }
- } else {
- if ($this->protocol == 'http://') {
- $protocol = '';
- } else {
- $protocol = $this->protocol;
- }
- if ($timeout > 0) {
- $fp = @fsockopen($protocol . $server, $port,
- $this->errno, $this->errstr, $timeout);
- } else {
- $fp = @fsockopen($protocol . $server, $port,
- $this->errno, $this->errstr);
- }
+ $ctx_options['http'] = array(
+ 'proxy' => "{$this->proxy_protocol}{$this->proxy}:{$this->proxy_port}"
+ );
 }
+ /* Disable SSL certificate check since it's used only by HA nowadays */
+ $ctx_options['ssl'] = array(
+ 'verify_peer' => false,
+ 'verify_peer_name' => false
+ );
+ var_dump($ctx_options);
+
+ $ctx = stream_context_create($ctx_options);
+
+ $fp = stream_socket_client("{$this->protocol}{$server}:{$port}",
+ $this->errno, $this->errstr,
+ ($timeout > 0 ? $timeout : ini_get("default_socket_timeout")),
+ STREAM_CLIENT_CONNECT, $ctx);
+
 /*
 * Just raising the error without returning it is strange,
 * but keep it here for backwards compatibility.
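Review bot: The `ssl` context options turn off `verify_peer` and `verify_peer_name` for every connection this client makes, so the TLS session to the sync peer is encrypted but unauthenticated, and a host on the network path can pose as the peer and read or alter the XML-RPC exchange. The comment justifies this by HA being the only caller, but nothing in the class enforces that; prefer keeping verification on by default and relaxing it only for a caller that asks for it, or pinning the peer's certificate with the `peer_fingerprint` context option instead of disabling the check. The `var_dump($ctx_options);` line looks like leftover debugging and should be removed, since it prints the context array (including the proxy address) into the output on every request. Two behaviour changes also need checking: the removed code stripped `'http://'` before connecting while `stream_socket_client()` now receives `$this->protocol` unchanged, and the `'http'` => `'proxy'` option is, as far as I know, honoured only by the HTTP stream wrapper, so a configured proxy may be silently bypassed. The enclosing method starts and ends outside the hunk.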
@@ -961,14 +952,6 @@ class XML_RPC_Client extends XML_RPC_Base {
 return 0;
 }
- if ($timeout) {
- /*
- * Using socket_set_timeout() because stream_set_timeout()
- * was introduced in 4.3.0, but we need to support 4.2.0.
- */
- socket_set_timeout($fp, $timeout);
- }
-
 if (!fputs($fp, $op, strlen($op))) {
 $this->errstr = 'Write error';
 return 0; |