HTTPS and Digest authentication in PHP
Now that Kellan has finally integrated my character encoding changes, I figure I might as well cause him some more trouble. I’m trying to get HTTPS and Digest Authentication working in Snoopy, therefore MagpieRSS, and therefore FoF.
There is currently support for HTTPS in Snoopy (and in FoF 0.1.8, now that I’ve fixed a stupid bug), but it depends on executing ‘curl’ externally. Yuck. And Snoopy does Basic Authentication, but not Digest. Since one of the really common things people would like to do is subscribe to a friends-only LJ feed, supporting Digest would be nice.
I think I have HTTPS working already, using code copied from HTTP_Request. Assuming you have all the right dependencies (I think just OpenSSL), SSL magically “just works” by using fsockopen with “ssl://” prepended to the host. Kind of a strange way to do it, but PHP programmers are used to such things. It seems to work equally well connecting to hosts with “real” SSL certificates, and “bogus” self-signed ones, which I’m going to interpret as a feature in this case. (In Java you have to jump through UNBELIEVABLE hoops just to say “yes, yes, I know the certificate isn’t signed, or the host name doesn’t match, BUT JUST CONNECT ANYWAY!”)
As for Digest Auth, that’s harder. I can’t find a single existing PHP implementation. Well, I found the server side, but not the client side. From reading the RFC, and some implementations in other languages, it doesn’t look that hard. So I’ll try that next! I’ll probably get it to just barely work with LJ, declare victory, and ship it.
By the way, silverorange’s test private feeds have been really helpful in getting this to work. Thanks for those!
One other related thing people always request is for FoF to work behind an authenticated proxy. I’m having a really, really hard time caring about that one, mostly because I don’t have an easy way to test it, and also because it just seems so weird, so I’ll likely not do it.
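As the post observes, its fsockopen() call with “ssl://” connects to hosts with self-signed certificates as readily as to ones with CA-signed certificates; PHP 5.6 and later verify the certificate chain and host name by default. An added example (not from the post, Snoopy or HTTP_Request) that makes those checks explicit through a stream context, using stream_socket_client() because fsockopen() takes no context. The function names, host name and CA path are constructed for illustration.

```php
<?php
// Added example, not Snoopy or HTTP_Request code. $caFile and $pinSha256 are hypothetical parameters.

// Build the "ssl" context options for a connection to $host.
function tls_context_options(string $host, ?string $caFile = null, ?string $pinSha256 = null): array
{
    $ssl = [
        'verify_peer'       => true,    // chain must lead to a trusted certificate
        'verify_peer_name'  => true,    // certificate must be issued for $host
        'peer_name'         => $host,
        'SNI_enabled'       => true,
        'allow_self_signed' => false,
    ];
    if ($caFile !== null) {
        // Private CA bundle, or the server's own self-signed certificate, as the trust anchor.
        $ssl['cafile'] = $caFile;
    }
    if ($pinSha256 !== null) {
        // Additionally require the leaf certificate's SHA-256 digest to match.
        $ssl['peer_fingerprint'] = ['sha256' => strtolower($pinSha256)];
    }
    return ['ssl' => $ssl];
}

// Open the socket; a bad chain, wrong host name or pin mismatch raises instead of connecting anyway.
function tls_connect(string $host, int $port = 443, float $timeout = 10.0,
                     ?string $caFile = null, ?string $pinSha256 = null)
{
    $ctx = stream_context_create(tls_context_options($host, $caFile, $pinSha256));
    $fp  = @stream_socket_client("ssl://$host:$port", $errno, $errstr, $timeout,
                                 STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        throw new RuntimeException("TLS connection to $host:$port failed: $errstr ($errno)");
    }
    return $fp;
}

// Constructed values: print the options that would be used, without touching the network.
print_r(tls_context_options('feeds.example.test', '/etc/ssl/private-ca.pem'));
```

The stream returned by tls_connect() is read and written with fwrite() and fgets(), exactly like one from fsockopen().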
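The client side of Digest that the post sets out to write, as an added example that is not part of the original post or of Snoopy: it parses the WWW-Authenticate challenge and builds the Authorization header per RFC 2617 (MD5, qop=auth). The function names are hypothetical; the sample challenge and credentials are the worked example from RFC 2617 section 3.5, which the block reproduces as a self-check.

```php
<?php
// Added example, not Snoopy code; function names are hypothetical. RFC 2617 Digest, MD5 only.

// Parse 'Digest realm="x", nonce="y", qop="auth,auth-int"' into a lower-cased key => value map.
function digest_parse_challenge(string $header): array
{
    if (stripos($header, 'Digest ') !== 0) {
        throw new InvalidArgumentException('not a Digest challenge');
    }
    preg_match_all('/(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))/', substr($header, 7), $m, PREG_SET_ORDER);
    $params = [];
    foreach ($m as $p) {
        $params[strtolower($p[1])] = $p[3] ?? $p[2] ?? '';   // unquoted token, else quoted string
    }
    return $params;
}

// Build the Authorization header value; $nc counts the requests made with this server nonce.
function digest_authorization(array $c, string $user, string $pass, string $method,
                              string $uri, int $nc = 1, ?string $cnonce = null): string
{
    if (!isset($c['realm'], $c['nonce']) || strtoupper($c['algorithm'] ?? 'MD5') !== 'MD5') {
        throw new InvalidArgumentException('need realm, nonce and algorithm=MD5');
    }
    $q   = function (string $v): string { return '"' . addcslashes($v, '"\\') . '"'; };
    $ha1 = md5("$user:{$c['realm']}:$pass");
    $ha2 = md5("$method:$uri");
    $out = 'Digest username=' . $q($user) . ', realm=' . $q($c['realm'])
         . ', nonce=' . $q($c['nonce']) . ', uri=' . $q($uri);
    $qops = array_filter(array_map('trim', explode(',', $c['qop'] ?? '')));
    if (in_array('auth', $qops, true)) {
        $cnonce = $cnonce ?? bin2hex(random_bytes(8));       // fresh client nonce
        $ncHex  = sprintf('%08x', $nc);
        $resp   = md5("$ha1:{$c['nonce']}:$ncHex:$cnonce:auth:$ha2");
        $out   .= ", qop=auth, nc=$ncHex, cnonce=" . $q($cnonce);
    } elseif (!$qops) {
        $resp = md5("$ha1:{$c['nonce']}:$ha2");              // server sent no qop (RFC 2069 form)
    } else {
        throw new RuntimeException('server offers only qop=' . $c['qop']);
    }
    $out .= ', response="' . $resp . '"';
    return isset($c['opaque']) ? $out . ', opaque=' . $q($c['opaque']) : $out;
}

// Self-check with the worked example from RFC 2617 section 3.5.
$challenge = 'Digest realm="testrealm@host.com", qop="auth,auth-int", '
           . 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"';
$header = digest_authorization(digest_parse_challenge($challenge),
                               'Mufasa', 'Circle Of Life', 'GET', '/dir/index.html', 1, '0a4f113b');
echo $header, "\n";
if (strpos($header, '6629fae49393a05397450978507c4ef1') === false) { throw new LogicException('RFC 2617 vector mismatch'); }
```

For each further request under the same server nonce, increment $nc; when the server answers 401 with stale=true, repeat the request with the new nonce it supplies.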
REPLY))
I got to tell you, as much as I use PEAR unstintingly in all my software development, I’m hesitant to make Magpie require it (or OpenSSL).
That said, I’m happy to work on a Request abstraction layer that allows an HTTP_Request drop-in to add Digest auth support. (I’ve always been kind of surprised that no one has developed a Cache_Lite based replacement for the Magpie cache.)
REPLY))
Actually, HTTP_Request only supports Basic auth. Currently the only way to do Digest in PHP is to call curl, either externally or the curl module. I like as few dependencies as possible too, that’s why I’m going to see if a pure PHP implementation of Digest is possible. I’m trying to add that, and better HTTPS support, directly to Snoopy.
REPLY))
Sorry, misunderstood. That rocks.
(Where does he find the time?)
REPLY))
You do realize it’s been like 6 months since I touched FoF, right? Time flies!
REPLY))
Do you have a modified Snoopy class available that works with https? Or can you give me some tips on how to get it to connect via https? Thanks!
REPLY))
Not yet. Maybe when FoF 0.1.9 comes out! But I do have some test code that appears to be working. All I did was copy the code from the HTTP_Request PEAR module. And all that code did was a normal fsockopen() call with ‘ssl://’ appended to the hostname. For this to work, you have to have PHP 4.3.0, and OpenSSL compiled in.
REPLY))
Hello Steve – I tried what you suggested (appending ‘ssl://’ to $host before fsockopen in snoopy.class.php), but now I’m getting this error: “Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages: error:140770FC:lib(20):func(119):reason(252) in /home/csbi/public_html/test/Snoopy.class.php on line 1095”. I wonder if this has to do with my host not having the right version of OpenSSL compiled in? My hosting service has PHP 4.3.9. Or is there something else I needed to do with HTTP_Request PEAR?
REPLY))
Seems like “reason 252” means “ssl handshake failed” (I googled for openssl “reason 252”). Did you make sure to connect to port 443? That’s the only simple reason for this I can think of. If that wasn’t it, then I’m really new to OpenSSL and PHP, so I’m afraid I can’t really help any further. I don’t know if there are any config settings that are in play, or if there’s any way for you to turn up the logging.
REPLY))
Thanks for the help!!! OK, I should have realized to google for that error msg. It all seems good now on my end. Hope you do well with your endeavours.
REPLY))
OOOoooo good! It works! That’s great!
REPLY))
Hi friend, I am not able to open a socket to an SSL server using Snoopy. I am getting an error like “php_hostconnect Connect failed”. I tried using ssl://, https:/ and the port is 443, but couldn’t succeed. So can you suggest what the problem is here???
Thanks for the support in advance.
REPLY))
Sorry, I don’t have any suggestions. I wonder if it is being caused by this PHP bug?
REPLY))
Hello how are you man what the things up from your side buddy
REPLY))
I’m still not sure what was done to get ssl support working in snoopy. Any help?
REPLY))
I haven’t been able to get this to work using PHP 5.2.2 with the OpenSSL support installed. It keeps looking for Curl. Even after I installed curl, I am giving it the curl install path (C:\Program Files\curl-7.16.2) but it still says Bad curl (C:\Program Files\curl-7.16.2), can’t fetch HTTPS. Any ideas?