ID: 44248 User updated by: jboffel at gmail dot com Reported By: jboffel at gmail dot com -Status: Feedback +Status: Open Bug Type: SOAP related Operating System: Linux RedHat Enterprise PHP Version: 5.2.5 New Comment:
I checked source code of last CVS snapshot you gave with your link. I can't easily test in same conditions than before so I just compared source code. I could be wrong but I'm pretty sure there is no difference and that the bug is still present. smart_str_append_const(&soap_headers, "CONNECT "); smart_str_appends(&soap_headers, phpurl->host); smart_str_appendc(&soap_headers, ':'); smart_str_append_unsigned(&soap_headers, phpurl->port); smart_str_append_const(&soap_headers, " HTTP/1.1\r\n"); proxy_authentication(this_ptr, &soap_headers TSRMLS_CC); smart_str_append_const(&soap_headers, "\r\n"); proxy_authentication just add basic auth if necessary. Nothing to do with "Host: " header parameter. And it's still in HTTP/1.1, so for me, no news. Previous Comments: ------------------------------------------------------------------------ [2009-04-28 18:36:31] j...@php.net Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows: http://windows.php.net/snapshots/ ------------------------------------------------------------------------ [2008-02-25 22:03:51] jboffel at gmail dot com Description: ------------ Configure line : No need for a configure line here, just need the php extension soap.so Setup : You have to make a soap call on an https based webservice through an Apache proxy (Apache or any proxy which is following rfc2616). Explanation : When you make an HTTPS connection in HTTP/1.1 through a proxy you MUST include an host parameter in the HTTP header like that : CONNECT uri-test:443 HTTP/1.1 Host: uri-test And what's done today is : CONNECT uri-test:443 HTTP/1.1 So we're clearly missing the Host parameter like explaining below, rfc2616 require this : A client MUST include a Host header field in all HTTP/1.1 request messages . If the requested URI does not include an Internet host name for the service being requested, then the Host header field MUST be given with an empty value. An HTTP/1.1 proxy MUST ensure that any request message it forwards does contain an appropriate Host header field that identifies the service being requested by the proxy. All Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message which lacks a Host header field. The problem is based in php_http.c in ext/soap/ of ANY existing version of PHP (not only 5.2.5) Well, there is two possible fix at least : 1) Add after line 169 : smart_str_append_const(&soap_headers, "Host: "); smart_str_appends(&soap_headers, phpurl->host); smart_str_append_const(&soap_headers, "\r\n"); The problem here is that I'm NOT sure that every time in HTTPS connection we need to put exactly the value of phpurl-host. For example I don't know if it's possible to be in a situation like this : (IP like x.x.x.x) CONNECT IP:443 HTTP/1.1 Host: www.test.com If yes, this fix is not perfect. 2) Modify line 169 from : smart_str_append_const(&soap_headers, " HTTP/1.1\r\n"); to : smart_str_append_const(&soap_headers, " HTTP/1.0\r\n"); Of course solution 2 force us to downgrade to protocol HTTP/1.0 which won't be able to access HTTPS virtualhosted website on a single IP address. Reproduce code: --------------- Short script : <?php $client = new SoapClient("some.wsdl", array('proxy_host'=>"localhost", 'proxy_port'=> 8080,'uri'=>"https://test-uri/";)); $client->SomeFunction($a, $b, $c); ?> Expected result: ---------------- HTTP header like that : CONNECT uri-test:443 HTTP/1.1 Host: uri-test Actual result: -------------- CONNECT uri-test:443 HTTP/1.1 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=44248&edit=1
