Make WordPress Core

Opened 7 years ago

Last modified 4 years ago

#41340 new defect (bug)

fsockopen HTTP Proxy support is broken for HTTPS URLs

Reported by: flameeyes
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 4.8
Component: HTTP API
Keywords:
Focuses:
Cc:

Description

First of all, a little bit of background on HTTP proxies.

"HTTP proxies" can exist with and without TLS at the proxy level. Both varieties allow you to connect to HTTPS hosts, through the CONNECT method (https://tools.ietf.org/html/rfc7231#section-4.3.6).

This means that there are four different valid combinations of TLS at proxy connection level and TLS at remote host connection level.

WordPress only allows setting a single proxy host (and port), but provides no configuration for whether it should be connected through TLS. The curl code correctly interprets this as using a non-TLS HTTP proxy for both HTTP and HTTPS connections.

fsockopen instead will use the remote host TLS (ssl) option even when opening the connection to the proxy, effectively forcing the same host:port pair to be used both as TLS and not, which does not generally work, resulting in these error connections:

HTTP proxy with no TLS:

HTTP proxy with TLS:

Change History (2)

This ticket was mentioned in Slack in #core by noisysocks.


4 years ago

#2 @SergeyBiryukov
4 years ago

  • Component changed from General to HTTP API
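
An added example, not part of the ticket or of WordPress's code: a protocol-level Python model of the non-TLS proxy case from the description, comparing the first bytes a plaintext proxy receives when the proxy socket copies the target URL's TLS setting with the cleartext CONNECT request it expects. The host names are constructed placeholders, and `plaintext_proxy_accepts` is a simplified stand-in for a proxy's request-line parser.

```python
import ssl

PROXY_HOST = "proxy.example"    # constructed placeholder
ORIGIN_HOST = "origin.example"  # constructed placeholder


def tls_client_hello(server_hostname):
    """First bytes a client sends when it starts TLS right after connecting."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is queued and no peer has answered
    return outgoing.read()


def plaintext_proxy_request(scheme, host, port):
    """First bytes sent to a non-TLS proxy (CONNECT per RFC 7231 section 4.3.6)."""
    if scheme == "https":
        return f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode()
    return f"GET http://{host}/ HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()


def first_bytes_to_proxy(scheme, host, port, copy_target_tls):
    """copy_target_tls=True models the behaviour the ticket describes: the
    proxy socket is opened with TLS whenever the target URL is https."""
    if copy_target_tls and scheme == "https":
        return tls_client_hello(PROXY_HOST)
    return plaintext_proxy_request(scheme, host, port)


def plaintext_proxy_accepts(data):
    """Non-TLS proxy model: the first line must be 'METHOD target HTTP/x.y'."""
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    return len(parts) == 3 and parts[0].isalpha() and parts[2].startswith(b"HTTP/")


if __name__ == "__main__":
    for scheme, port in (("http", 80), ("https", 443)):
        for copy_tls in (True, False):
            data = first_bytes_to_proxy(scheme, ORIGIN_HOST, port, copy_tls)
            print(scheme, "copy_target_tls=%s" % copy_tls,
                  "first bytes:", data[:8], "accepted:", plaintext_proxy_accepts(data))
```

In the https case with `copy_target_tls=True` the proxy sees a TLS handshake record (leading byte 0x16) where it expects a request line. The origin's TLS handshake belongs inside the tunnel, after the proxy has answered the cleartext CONNECT.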