Make WordPress Core

Opened 3 years ago

#41340 new defect (bug)

fsockopen HTTP Proxy support is broken for HTTPS URLs

Reported by: flameeyes
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 4.8
Component: General
Keywords:
Focuses:
Cc:


First of all, a little bit of background on HTTP proxies.

"HTTP proxies" can exist with and without TLS at the proxy level. Both varieties allow you to connect to HTTPS hosts, through the CONNECT method (https://tools.ietf.org/html/rfc7231#section-4.3.6).

This means that there are four different valid combinations of TLS at proxy connection level and TLS at remote host connection level.

WordPress only allows setting a single proxy host (and port), but provides no configuration for whether it should be connected through TLS. The curl code correctly interprets this as using a non-TLS HTTP proxy for both HTTP and HTTPS connections.

fsockopen instead will use the remote host TLS (ssl) option even when opening the connection to the proxy, effectively forcing the same host:port pair to be used both as TLS and not, which does not generally work, resulting in these connection errors:

HTTP proxy with no TLS:

HTTP proxy with TLS:

Change History (0)
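
The hop separation the ticket describes, for the one combination of a plain-HTTP proxy and an HTTPS target, as an added example that is not part of the ticket and is not WordPress core code. The function name, timeout and error messages are assumptions.

```php
<?php
// Added example, not WordPress core code. The function name, the 10 second
// timeout and the error messages are assumptions made for illustration.
function open_https_via_plain_proxy(string $url, string $proxy_host, int $proxy_port)
{
    $parts = parse_url($url);
    if (!is_array($parts) || empty($parts['host'])) {
        throw new InvalidArgumentException('URL has no host');
    }
    $host = $parts['host'];
    $port = $parts['port'] ?? 443;

    // TLS settings for the *target*. They sit unused while the socket is plain TCP.
    $ctx = stream_context_create(['ssl' => [
        'peer_name'        => $host, // certificate name and SNI refer to the target
        'verify_peer'      => true,
        'verify_peer_name' => true,
    ]]);

    // Hop 1: the proxy. The transport is tcp:// because the proxy speaks plain
    // HTTP; the https scheme of $url must not turn this into ssl://.
    $sock = stream_socket_client("tcp://$proxy_host:$proxy_port", $errno, $errstr, 10,
        STREAM_CLIENT_CONNECT, $ctx);
    if ($sock === false) {
        throw new RuntimeException("proxy connect failed: $errstr ($errno)");
    }

    // Ask the proxy for a tunnel to the target (RFC 7231, section 4.3.6).
    fwrite($sock, "CONNECT $host:$port HTTP/1.1\r\nHost: $host:$port\r\n\r\n");

    // Read the proxy's status line, then discard headers up to the blank line.
    $status = (string) fgets($sock);
    while (($line = fgets($sock)) !== false && rtrim($line, "\r\n") !== '') {
        continue;
    }
    if (!preg_match('#^HTTP/\d\.\d 2\d\d\b#', $status)) {
        fclose($sock);
        throw new RuntimeException('proxy refused CONNECT: ' . trim($status));
    }

    // Hop 2: TLS with the target, negotiated inside the established tunnel.
    if (stream_socket_enable_crypto($sock, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true) {
        fclose($sock);
        throw new RuntimeException('TLS handshake with target failed');
    }
    return $sock; // an HTTPS request for $url can now be written to this stream
}
```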
