ID: 44248
User updated by: jboffel at gmail dot com
Reported By: jboffel at gmail dot com
Status: Open
Bug Type: SOAP related
Operating System: Linux RedHat Enterprise
PHP Version: 5.2.9
New Comment:
sorry small mistake on my previous comment...
Good fix is:
smart_str_append_const(&soap_headers, "Host: ");
smart_str_appends(&soap_headers, phpurl->host);
if (phpurl->port != 80) {
smart_str_append_const(&soap_headers, ":");
smart_str_append_unsigned(&soap_headers, phpurl->port);
}
smart_str_append_const(&soap_headers, "\r\n");
Previous Comments:
------------------------------------------------------------------------
[2009-04-30 07:58:36] jboffel at gmail dot com
I'll even give you a link on another bug related to our problem :
http://bugs.php.net/bug.php?id=30359
This bug show us that "Host: " field was previously in the code (in
2004) and there was a bug on this field (about the port) which complet
my fix to avoid repeating his bug.
So apparently you need to add this code to be compliant to all RFC
requests:
smart_str_append_const(&soap_headers, "Host: ");
smart_str_appends(&soap_headers, phpurl->host);
smart_str_append_const(&soap_headers, "\r\n");
if (phpurl->port != 80) {
smart_str_append_const(&soap_headers, ":");
smart_str_append_unsigned(&soap_headers, phpurl->port);
}
------------------------------------------------------------------------
[2009-04-28 19:47:01] jboffel at gmail dot com
I checked source code of last CVS snapshot you gave with your link.
I can't easily test in same conditions than before so I just compared
source code.
I could be wrong but I'm pretty sure there is no difference and that
the bug is still present.
smart_str_append_const(&soap_headers, "CONNECT ");
smart_str_appends(&soap_headers, phpurl->host);
smart_str_appendc(&soap_headers, ':');
smart_str_append_unsigned(&soap_headers, phpurl->port);
smart_str_append_const(&soap_headers, " HTTP/1.1\r\n");
proxy_authentication(this_ptr, &soap_headers TSRMLS_CC);
smart_str_append_const(&soap_headers, "\r\n");
proxy_authentication just add basic auth if necessary. Nothing to do
with "Host: " header parameter.
And it's still in HTTP/1.1, so for me, no news.
------------------------------------------------------------------------
[2009-04-28 18:36:31] j...@php.net
Please try using this CVS snapshot:
http://snaps.php.net/php5.2-latest.tar.gz
For Windows:
http://windows.php.net/snapshots/
------------------------------------------------------------------------
[2008-02-25 22:03:51] jboffel at gmail dot com
Description:
------------
Configure line :
No need for a configure line here, just need the php extension soap.so
Setup :
You have to make a soap call on an https based webservice through an
Apache proxy (Apache or any proxy which is following rfc2616).
Explanation :
When you make an HTTPS connection in HTTP/1.1 through a proxy you MUST
include an host parameter in the HTTP header like that :
CONNECT uri-test:443 HTTP/1.1
Host: uri-test
And what's done today is :
CONNECT uri-test:443 HTTP/1.1
So we're clearly missing the Host parameter like explaining below,
rfc2616 require this :
A client MUST include a Host header field in all HTTP/1.1 request
messages . If the requested URI does not include an Internet host
name for the service being requested, then the Host header field
MUST
be given with an empty value. An HTTP/1.1 proxy MUST ensure that
any
request message it forwards does contain an appropriate Host header
field that identifies the service being requested by the proxy. All
Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad
Request)
status code to any HTTP/1.1 request message which lacks a Host
header
field.
The problem is based in php_http.c in ext/soap/ of ANY existing version
of PHP (not only 5.2.5)
Well, there is two possible fix at least :
1) Add after line 169 :
smart_str_append_const(&soap_headers, "Host: ");
smart_str_appends(&soap_headers, phpurl->host);
smart_str_append_const(&soap_headers, "\r\n");
The problem here is that I'm NOT sure that every time in HTTPS
connection we need to put exactly the value of phpurl-host.
For example I don't know if it's possible to be in a situation like
this : (IP like x.x.x.x)
CONNECT IP:443 HTTP/1.1
Host: www.test.com
If yes, this fix is not perfect.
2) Modify line 169 from :
smart_str_append_const(&soap_headers, " HTTP/1.1\r\n");
to :
smart_str_append_const(&soap_headers, " HTTP/1.0\r\n");
Of course solution 2 force us to downgrade to protocol HTTP/1.0 which
won't be able to access HTTPS virtualhosted website on a single IP
address.
Reproduce code:
---------------
Short script :
<?php
$client = new SoapClient("some.wsdl", array('proxy_host'=>"localhost",
'proxy_port'=>
8080,'uri'=>"https://test-uri/";));
$client->SomeFunction($a, $b, $c);
?>
Expected result:
----------------
HTTP header like that :
CONNECT uri-test:443 HTTP/1.1
Host: uri-test
Actual result:
--------------
CONNECT uri-test:443 HTTP/1.1
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=44248&edit=1
