Dominique.Fournier/DomFramework
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

tcpclient : Allow to set the SSL options if needed

Browse Source 
tcpclient : use the TLS1.1 or TLS1.2 and no more the TLS1.0


git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@4089 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
This commit is contained in:
Dominique Fournier
2018-01-29 09:33:12 +00:00
parent 1feab2e762
commit a069bde02e
1 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
tcpclient.php
View File

@@ -149,17 +149,23 @@ class tcpclient
/** Activate the SSL connection. /** Activate the SSL connection.
* Put the socket in blocking mode, as it is mandatory to have SSL connection * Put the socket in blocking mode, as it is mandatory to have SSL connection
* @param boolean $val True to activate, false to disable SSL * @param boolean $val True to activate, false to disable SSL
* @param integer $cryptoMethod The cryptoMethod allowed * @param integer|null $cryptoMethod The cryptoMethod allowed
* @param array|null $options Can overload the SSL options if needed
* @return false if the client can not found a encryption method with the * @return false if the client can not found a encryption method with the
* server * server
*/ */
public function cryptoEnable ($val, public function cryptoEnable ($val,
$cryptoMethod = STREAM_CRYPTO_METHOD_TLS_CLIENT) $cryptoMethod = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
$options = array ())
{ {
if ($this->socket === null) if ($this->socket === null)
throw new \Exception ("Can not send to server $this->ipOrName : ". throw new \Exception ("Can not send to server $this->ipOrName : ".
"The server is not connected", 500); "The server is not connected", 500);
$options = array ("ssl" => array ( if ($cryptoMethod === null)
$cryptoMethod = STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|
STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
$optionsBase = array ("ssl" => array (
"peer_name" => $this->ipOrName, "peer_name" => $this->ipOrName,
"verify_peer" => true, "verify_peer" => true,
"verify_peer_name" => true, "verify_peer_name" => true,
@@ -167,8 +173,9 @@ class tcpclient
"capture_peer_cert_chain" => true, "capture_peer_cert_chain" => true,
"SNI_enabled" => true, "SNI_enabled" => true,
)); ));
$optionsMerged["ssl"] = array_merge ($optionsBase["ssl"], $options);
stream_set_blocking ($this->socket, true); stream_set_blocking ($this->socket, true);
stream_context_set_option ($this->socket, $options); stream_context_set_option ($this->socket, $optionsMerged);
ini_set("track_errors", 1); ini_set("track_errors", 1);
$rc = @stream_socket_enable_crypto ($this->socket, !!$val, $cryptoMethod); $rc = @stream_socket_enable_crypto ($this->socket, !!$val, $cryptoMethod);
ini_set("track_errors", 0); ini_set("track_errors", 0);