Would it make sense if enabling soap module forces php build system to
enable curl-wrappers ?
endrazine wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thank you for your replies.
First of, I am glad I am not the only one to think there is an issue
with the way SoapClient() deals with ssl. Now, I have been suggested a
few ways to deal with the problem, partly off list, and I'd appreciate
help in deciding which way to go.
The first possibility is to directly patch SoapClient() to force it use
libcurl (wich has ssl verification features). While doable tehcnically,
I wonder if my patch for it would be merged into the framework, or if
I'd have to then mantain my own version of php - which I am indeed not
too encline to do..
A second option would be to modify SoapClient()'s behavior using
http://php.net/manual/en/function.stream-wrapper-register.php, much like
done in
http://rabaix.net/en/articles/2008/03/13/using-soap-php-with-ntlm-authentication
this uses curl as well.
(thx Benjamin for the pointer). The main advantage is that it's using
php only, and looks easier to mantain. On the other hand, I somehow feel
like this issue should be fixed in the framework itself, since providing
soap over ssl without actually identifying the server is nothing less
than a BUG. Even a serious security vulnerability imho.
+1 . IMO, SoapClient implementation should handle this .
However, I ran into a strange issue while helping out a customer who had
'php' built with curl wrapper enabled. this below API call
new SoapClient ('http://.../wsdl', array( 'login' => .. , 'password' =>
... ));
threw exception and was actually failing with unable to retrieve the wsdl.
Now, he mentioned that same above API worked for him in his old php
version ( which also by the way did not have curl wrapper enabled ).
However, changing the SoapClient API to some thing below solved their
problem..
new SoapClient (null, array( 'uri' => 'http://.../wsdl', 'location' =>
'http://.../wsdl', 'login' => .. , 'password' => ... ));
The reason I brought forth this issue is that using 'cURL' internally
(within Soap module) might break some folks existing code.
- Sriram.
Cristian Rodríguez wrote:
On 07/07/09 10:18, Brian A. Seklecki wrote:
If it did use libcurl, dozens of problems over the last few years would
have magically solved themselves (pipe-line'ing, keep-alive, socket
options, PKI, etc.)
Not only this extension but pretty much everything should use curl IMHO,
it is included in all *nixes and works on windows too..
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkpUkmkACgkQK/YAm7PYybm/UQCgoIx1vqJ4mTD1Lblo3BBl5o9n
k+QAoKZeYJ182UmjVHbeokWiZwayDu0l
=9dqQ
-----END PGP SIGNATURE-----
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
