From a069bde02e688b012fcbcf21afd6d32aabb0993f Mon Sep 17 00:00:00 2001
From: Dominique Fournier
Date: Mon, 29 Jan 2018 09:33:12 +0000
Subject: [PATCH] tcpclient : Allow to set the SSL options if needed tcpclient : use the TLS1.1 or TLS1.2 and no more the TLS1.0
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@4089 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
---
 tcpclient.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/tcpclient.php b/tcpclient.php
index f1a66e0..6965763 100644
--- a/tcpclient.php
+++ b/tcpclient.php
@@ -149,17 +149,23 @@ class tcpclient
 /** Activate the SSL connection.
 * Put the socket in blocking mode, as it is mandatory to have SSL connection
 * @param boolean $val True to activate, false to disable SSL
- * @param integer $cryptoMethod The cryptoMethod allowed
+ * @param integer|null $cryptoMethod The cryptoMethod allowed
+ * @param array|null $options Can overload the SSL options if needed
 * @return false if the client can not found a encryption method with the
 * server
 */
 public function cryptoEnable ($val,
- $cryptoMethod = STREAM_CRYPTO_METHOD_TLS_CLIENT)
+ $cryptoMethod = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|
+ STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
+ $options = array ())
 {
 if ($this->socket === null)
 throw new \Exception ("Can not send to server $this->ipOrName : ".
 "The server is not connected", 500);
- $options = array ("ssl" => array (
+ if ($cryptoMethod === null)
+ $cryptoMethod = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|
+ STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
+ $optionsBase = array ("ssl" => array (
 "peer_name" => $this->ipOrName,
 "verify_peer" => true,
 "verify_peer_name" => true,
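Review bot: The default protocol mask is now spelled out twice, in the signature of `cryptoEnable` and again in the `$cryptoMethod === null` branch, so a later change can update one and miss the other; declaring the parameter as `$cryptoMethod = null,` and keeping the mask only in the null branch removes the duplicate. The mask still admits TLS 1.1, which RFC 8996 has since deprecated, and being a fixed list it cannot negotiate TLS 1.3; where the runtime is PHP 7.4 or later it could read `STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT`. The body of cryptoEnable starts in this hunk and continues past its end.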
@@ -167,8 +173,9 @@ class tcpclient
 "capture_peer_cert_chain" => true,
 "SNI_enabled" => true,
 ));
+ $optionsMerged["ssl"] = array_merge ($optionsBase["ssl"], $options);
 stream_set_blocking ($this->socket, true);
- stream_context_set_option ($this->socket, $options);
+ stream_context_set_option ($this->socket, $optionsMerged);
 ini_set("track_errors", 1);
 $rc = @stream_socket_enable_crypto ($this->socket, !!$val, $cryptoMethod);
 ini_set("track_errors", 0);
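Review bot: `array_merge ($optionsBase["ssl"], $options)` lets every caller-supplied key win, so an `$options` array carrying `"verify_peer" => false` or `"verify_peer_name" => false` silently turns off the certificate validation that the base options enforce; the docblock should state this, or the merge should refuse those two keys unless the caller opts in explicitly. The `@param array|null $options` added in the first hunk promises that null is accepted, but a null reaches `array_merge` unchanged, which is a warning with a null result on PHP 7 and a TypeError on PHP 8; `if ($options === null) $options = array ();` before the merge would mirror the handling of `$cryptoMethod`. The merge also expects the flat ssl keys rather than an array wrapped in `"ssl"`, which the `@param` text does not say. The function body begins and ends outside this hunk.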