I've come across a bug in PHP 5.2 that has been causing issues when I try to use httprl to do an HTTPS POST:

"When opening a socket connection with stream_socket_client() and the ssl:// wrapper, the connect-asynchronously flag (STREAM_CLIENT_ASYNC_CONNECT) causes ssl encryption to fail."
Full details and the patch for PHP 5.2.11 are here: https://bugs.php.net/bug.php?id=48182

The impact of this is that traffic destined for https://server:443/ silently ends up being sent insecurely to http://server:443/. I was alerted to this by the remote server erroring with "The plain HTTP request was sent to HTTPS port" when I switched from using drupal_http_request to httprl_request.

I've included a patch which works for me but will need review as I haven't tested it outside my particular use case.

Comments

Status:Active» Needs work

So this has been fixed in php versions 5.2.12 and up, is that correct? Can you add some code that conditionally does the work around based off of the PHP version?

<?php
...
  static
$php;
  if (!isset(
$php)) {
   
$php = version_compare(PHP_VERSION, '5.2.12', '>=');
  }
  if (
$uri['scheme'] == 'https' && !$php) {
...
?>

EDIT: Looks like php 5.3.0 is also effected after quickly reading the bug report. The final patch will need to take this into account.

StatusFileSize
new1.39 KB

The patches were released in 5.2.11 and 5.3.1 to fix the bug: http://www.php.net/ChangeLog-5.php

Attached a new patch. This one checks the PHP version if you're doing HTTPS requests.

Edit: Ignore this patch, it's got a syntax error.

StatusFileSize
new1.39 KB

Proper patch this time.

Status:Needs work» Needs review

Status:Needs review» Fixed
StatusFileSize
new1.69 KB

This is the patch that has been committed. Thanks for your hard work on this issue!

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.