Merge pull request #16 from relaxedws/allow-self-signed-certificates

Make possible to avoid peer verification and allow self-signed certificates.

Author: jeqq

lib/Doctrine/CouchDB/CouchDBClient.php

@@ -113,6 +113,7 @@ public static function create(array $options)
             'password' => null,
             'ip'       => null,
             'ssl'      => false,
+            'verify'   => true,
             'path'     => null,
             'logging'  => false,
             'timeout'  => 10,
@@ -133,6 +134,7 @@ public static function create(array $options)
             $options['password'],
             $options['ip'],
             $options['ssl'],
+            $options['verify'],
             $options['path'],
             $options['timeout'],
             $options['headers']

lib/Doctrine/CouchDB/HTTP/AbstractHTTPClient.php

@@ -27,6 +27,7 @@ abstract class AbstractHTTPClient implements Client
         'port'       => 5984,
         'ip'         => '127.0.0.1',
         'ssl'        => false,
+        'verify'     => true,
         'timeout'    => 10,
         'keep-alive' => true,
         'username'   => null,
@@ -47,17 +48,17 @@ abstract class AbstractHTTPClient implements Client
      * @param string $password
      * @param string $ip
      * @param bool   $ssl
+     * @param bool   $verify
      * @param string $path
      * @param int    $timeout
      * @param array  $headers
-     *
-     * @return \Doctrine\CouchDB\HTTP\AbstractHTTPClient
      */
-    public function __construct($host = 'localhost', $port = 5984, $username = null, $password = null, $ip = null, $ssl = false, $path = null, $timeout = 10, array $headers = [])
+    public function __construct($host = 'localhost', $port = 5984, $username = null, $password = null, $ip = null, $ssl = false, $verify = true, $path = null, $timeout = 10, array $headers = [])
     {
         $this->options['host'] = (string) $host;
         $this->options['port'] = (int) $port;
         $this->options['ssl'] = $ssl;
+        $this->options['verify'] = $verify;
         $this->options['username'] = $username;
         $this->options['password'] = $password;
         $this->options['path'] = $path;
@@ -89,6 +90,7 @@ public function setOption($option, $value)
         switch ($option) {
         case 'keep-alive':
         case 'ssl':
+        case 'verify':
             $this->options[$option] = (bool) $value;
             break;
 

lib/Doctrine/CouchDB/HTTP/MultipartParserAndSender.php

@@ -44,6 +44,7 @@ public function __construct(AbstractHTTPClient $source, AbstractHTTPClient $targ
             $sourceOptions['password'],
             $sourceOptions['ip'],
             $sourceOptions['ssl'],
+            $sourceOptions['verify'],
             $sourceOptions['path'],
             $sourceOptions['timeout'],
             $sourceOptions['headers']
@@ -57,6 +58,7 @@ public function __construct(AbstractHTTPClient $source, AbstractHTTPClient $targ
             $targetOptions['password'],
             $targetOptions['ip'],
             $targetOptions['ssl'],
+            $targetOptions['verify'],
             $targetOptions['path'],
             $targetOptions['timeout'],
             $sourceOptions['headers']

lib/Doctrine/CouchDB/HTTP/SocketClient.php

@@ -75,6 +75,7 @@ public function getConnection(
     protected function checkConnection()
     {
         // Setting Connection scheme according ssl support
+        $context_options = null;
         if ($this->options['ssl']) {
             if (!extension_loaded('openssl')) {
                 // no openssl extension loaded.
@@ -88,24 +89,30 @@ protected function checkConnection()
                     0
                 );
             }
-
-            $host = 'ssl://'.$this->options['host'];
+            $host = 'ssl://'.$this->options['host'].':'.$this->options['port'];
+            if ($this->options['verify'] === false) {
+                $context_options = [
+                    'ssl' => [
+                        'verify_peer' => false,
+                    ],
+                ];
+            }
         } else {
-            $host = $this->options['ip'];
+            $host = $this->options['ip'].':'.$this->options['port'];
         }
 
-        // If the connection could not be established, fsockopen sadly does not
-        // only return false (as documented), but also always issues a warning.
-        if (($this->connection === null) &&
-             (($this->connection = @fsockopen($host, $this->options['port'], $errno, $errstr, $this->options['timeout'])) === false)) {
-            // This is a bit hackisch...
-            $this->connection = null;
-            throw HTTPException::connectionFailure(
-                $this->options['ip'],
-                $this->options['port'],
-                $errstr,
-                $errno
-            );
+        // Try to establish the connection.
+        if ($this->connection === null) {
+            $context = stream_context_create($context_options);
+            if (($this->connection = @stream_socket_client($host, $errno, $errstr, $this->options['timeout'], STREAM_CLIENT_CONNECT, $context)) === false) {
+                $this->connection = null;
+                throw HTTPException::connectionFailure(
+                    $this->options['ip'],
+                    $this->options['port'],
+                    $errstr,
+                    $errno
+                );
+            }
         }
     }
 

lib/Doctrine/CouchDB/HTTP/StreamClient.php

@@ -89,24 +89,26 @@ protected function checkConnection($method, $path, $data, $headers)
             }
             // Determine the correct scheme so SSL is handled too.
             $scheme = !empty($this->options['ssl']) ? 'https' : 'http';
-
+            $context_options = [
+                'http' => [
+                    'method'        => $method,
+                    'content'       => $data,
+                    'ignore_errors' => true,
+                    'max_redirects' => 0,
+                    'user_agent'    => 'Doctrine CouchDB ODM $Revision$',
+                    'timeout'       => $this->options['timeout'],
+                    'header'        => $stringHeader,
+                ],
+            ];
+            if ($scheme === 'https' && ($this->options['verify'] === false)) {
+              $context_options['ssl'] = ['verify_peer' => false];
+            }
+            $context = stream_context_create($context_options);
             $this->httpFilePointer = @fopen(
                 $scheme . '://' . $basicAuth . $host . $path,
                 'r',
                 false,
-                stream_context_create(
-                    [
-                        'http' => [
-                            'method'        => $method,
-                            'content'       => $data,
-                            'ignore_errors' => true,
-                            'max_redirects' => 0,
-                            'user_agent'    => 'Doctrine CouchDB ODM $Revision$',
-                            'timeout'       => $this->options['timeout'],
-                            'header'        => $stringHeader,
-                        ],
-                    ]
-                )
+                $context
             );
         }
 

tests/Doctrine/Tests/CouchDB/CouchDBClientTest.php

@@ -36,6 +36,7 @@ public function testCreateClientFromUrl()
                 'username'   => 'foo',
                 'password'   => 'bar',
                 'ssl'        => true,
+                'verify'     => true,
                 'timeout'    => 10,
                 'keep-alive' => true,
                 'path'       => null,
@@ -58,6 +59,7 @@ public function testCreateClientFromUrlWithPath()
                 'username'   => 'foo',
                 'password'   => 'bar',
                 'ssl'        => true,
+                'verify'     => true,
                 'timeout'    => 10,
                 'keep-alive' => true,
                 'path'       => 'baz/qux',