Thank you for your replies.

First off, I am glad I am not the only one to think there is an issue with the way SoapClient() deals with ssl. Now, I have been suggested a few ways to deal with the problem, partly off list, and I'd appreciate help in deciding which way to go.

The first possibility is to directly patch SoapClient() to force it to use libcurl (which has ssl verification features). While doable technically, I wonder if my patch for it would be merged into the framework, or if I'd have to then maintain my own version of php - which I am indeed not too inclined to do..

A second option would be to modify SoapClient()'s behavior using http://php.net/manual/en/function.stream-wrapper-register.php, much like done in http://rabaix.net/en/articles/2008/03/13/using-soap-php-with-ntlm-authentication (thx Benjamin for the pointer). The main advantage is that it's using php only, and looks easier to maintain. On the other hand, I somehow feel like this issue should be fixed in the framework itself, since providing soap over ssl without actually identifying the server is nothing less than a BUG. Even a serious security vulnerability imho.

A third option could be to write a php module, ripping most of the code of SoapClient(), possibly working over ssl only. That would be pretty much as difficult as option 1, only I wouldn't be fixing the issue for other users as well.

I think I'll go for option 2 if you guys are not willing to fix the problem right now due to other priorities. I can spend some time on option 1 if you estimate this should be fixed, but I'd rather not take the risk to maintain my own version of php if I can avoid doing so ;)

Feedback most welcome.

Thanks for your hints,
Jonathan-

Cristian Rodríguez wrote:
> On 07/07/09 10:18, Brian A. Seklecki wrote:
>
>> If it did use libcurl, dozens of problems over the last few years would
>> have magically solved themselves (pipe-line'ing, keep-alive, socket
>> options, PKI, etc.)
>
> Not only this extension but pretty much everything should use curl IMHO,
> it is included in all *nixes and works on windows too..

--
PHP Internals - PHP Runtime Development Mailing List
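
Option 2 from the message above, as an added example for PHP 8 that is not code from the thread or from PHP itself: an `https` stream wrapper registered with `stream_wrapper_register()` that fetches through libcurl with peer and hostname verification enforced, and fails closed when verification fails. The class name `VerifiedHttpsStream` is hypothetical, and the wrapper only affects URLs opened through PHP's stream layer; that a given SoapClient request passes through that layer is an assumption of option 2, not something this example establishes.

```php
<?php
// Added example: read-only "https" wrapper backed by libcurl with TLS checks on.
final class VerifiedHttpsStream
{
    /** @var resource|null stream context set by PHP (unused here) */
    public $context;
    private string $body = '';
    private int $pos = 0;

    public function stream_open(string $path, string $mode, int $options, ?string &$opened_path): bool
    {
        if ($mode[0] !== 'r') {
            return false;                       // read-only wrapper
        }
        $ch = curl_init($path);
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_SSL_VERIFYPEER => true,     // chain must validate against trusted CAs
            CURLOPT_SSL_VERIFYHOST => 2,        // certificate name must match the host
            CURLOPT_FOLLOWLOCATION => false,    // no silent redirect to another origin
            CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,
            CURLOPT_TIMEOUT        => 15,
        ]);
        $result = curl_exec($ch);
        if ($result === false) {
            // Fail closed: an unverifiable server yields no stream at all.
            if ($options & STREAM_REPORT_ERRORS) {
                trigger_error("TLS fetch of $path failed: " . curl_error($ch), E_USER_WARNING);
            }
            return false;
        }
        $this->body = $result;
        return true;
    }

    public function stream_read(int $count): string
    {
        $chunk = substr($this->body, $this->pos, $count);
        $this->pos += strlen($chunk);
        return $chunk;
    }

    public function stream_eof(): bool { return $this->pos >= strlen($this->body); }
    public function stream_stat(): array { return []; }
}

// Replace PHP's built-in https wrapper for this process.
stream_wrapper_unregister('https');
stream_wrapper_register('https', VerifiedHttpsStream::class, STREAM_IS_URL);
```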