NotificationsYou must be signed in to change notification settings
Fork9.7k
Star30.8k

Commitfa841e4

committed

[HttpClient] Add optioncrypto_method to set the minimum SSL version and make it default to TLSv1.2

1 parent6222f8e commitfa841e4Copy full SHA for fa841e4

File tree

9 files changed

+32

-1

lines changed

src/Symfony
- Bundle/FrameworkBundle/DependencyInjection
  - Configuration.php
- Component/HttpClient
- Contracts
  - CHANGELOG.md
  - HttpClient
    - HttpClientInterface.php

9 files changed

+32

-1

lines changed

`‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php‎`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1849,6 +1849,9 @@ private function addHttpClientSection(ArrayNodeDefinition $rootNode, callable $e`
`1849`	`1849`	`->variableNode('md5')->end()`
`1850`	`1850`	`->end()`
`1851`	`1851`	`->end()`
	`1852`	`+ ->scalarNode('crypto_method')`
	`1853`	`+ ->info('The minimum version of SSL to accept; must be one of STREAM_CRYPTO_METHOD_TLSv*_CLIENT constants.')`
	`1854`	`+ ->end()`
`1852`	`1855`	`->arrayNode('extra')`
`1853`	`1856`	`->info('Extra options for specific HTTP client')`
`1854`	`1857`	`->normalizeKeys(false)`

`‎src/Symfony/Component/HttpClient/CHANGELOG.md‎`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,11 @@`
`1`	`1`	`CHANGELOG`
`2`	`2`	`=========`
`3`	`3`
	`4`	`+6.4`
	`5`	`+---`
	`6`	`+`
	`7`	+* Add option`crypto_method` to set the minimum SSL version and make it default to TLSv1.2
	`8`	`+`
`4`	`9`	`6.3`
`5`	`10`	`---`
`6`	`11`

`‎src/Symfony/Component/HttpClient/CurlHttpClient.php‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -116,6 +116,12 @@ public function request(string $method, string $url, array $options = []): Respo`
`116`	`116`	`\CURLOPT_SSLKEY =>$options['local_pk'],`
`117`	`117`	`\CURLOPT_KEYPASSWD =>$options['passphrase'],`
`118`	`118`	`\CURLOPT_CERTINFO =>$options['capture_peer_cert_chain'],`
	`119`	`+ \CURLOPT_SSLVERSION =>match ($options['crypto_method']) {`
	`120`	`+ \STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT => \CURL_SSLVERSION_TLSv1_3,`
	`121`	`+ \STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT => \CURL_SSLVERSION_TLSv1_2,`
	`122`	`+ \STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT => \CURL_SSLVERSION_TLSv1_1,`
	`123`	`+ \STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT => \CURL_SSLVERSION_TLSv1_0,`
	`124`	`+ }`
`119`	`125`	`];`
`120`	`126`
`121`	`127`	`if (1.0 === (float)$options['http_version']) {`

`‎src/Symfony/Component/HttpClient/HttpClientTrait.php‎`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -116,6 +116,15 @@ private static function prepareRequest(?string $method, ?string $url, array $opt`
`116`	`116`	`$options['peer_fingerprint'] =self::normalizePeerFingerprint($options['peer_fingerprint']);`
`117`	`117`	`}`
`118`	`118`
	`119`	`+if (isset($options['crypto_method']) && !\in_array($options['crypto_method'], [`
	`120`	`+ \STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT,`
	`121`	`+ \STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT,`
	`122`	`+ \STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,`
	`123`	`+ \STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT,`
	`124`	`+ ],true)) {`
	`125`	`+thrownewInvalidArgumentException('Option "crypto_method" must be one of "STREAM_CRYPTO_METHOD_TLSv1_*_CLIENT".');`
	`126`	`+ }`
	`127`	`+`
`119`	`128`	`// Validate on_progress`
`120`	`129`	`if (isset($options['on_progress']) && !\is_callable($onProgress =$options['on_progress'])) {`
`121`	`130`	`thrownewInvalidArgumentException(sprintf('Option "on_progress" must be callable, "%s" given.',get_debug_type($onProgress)));`

`‎src/Symfony/Component/HttpClient/Internal/AmpClientState.php‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -141,6 +141,7 @@ private function getClient(array $options): array`
`141`	`141`	`$options['local_cert'] &&$context =$context->withCertificate(newCertificate($options['local_cert'],$options['local_pk']));`
`142`	`142`	`$options['ciphers'] &&$context =$context->withCiphers($options['ciphers']);`
`143`	`143`	`$options['capture_peer_cert_chain'] &&$context =$context->withPeerCapturing();`
	`144`	`+$options['crypto_method'] &&$context =$context->withMinimumVersion($options['crypto_method']);`
`144`	`145`
`145`	`146`	`$connector =$handleConnector =newclass()implements Connector {`
`146`	`147`	`public$connector;`

`‎src/Symfony/Component/HttpClient/NativeHttpClient.php‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -215,6 +215,7 @@ public function request(string $method, string $url, array $options = []): Respo`
`215`	`215`	`'verify_peer_name' =>$options['verify_host'],`
`216`	`216`	`'cafile' =>$options['cafile'],`
`217`	`217`	`'capath' =>$options['capath'],`
	`218`	`+'crypto_method' =>$options['crypto_method'],`
`218`	`219`	`'local_cert' =>$options['local_cert'],`
`219`	`220`	`'local_pk' =>$options['local_pk'],`
`220`	`221`	`'passphrase' =>$options['passphrase'],`

`‎src/Symfony/Component/HttpClient/composer.json‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@`
`25`	`25`	`"php":">=8.1",`
`26`	`26`	`"psr/log":"^1\|^2\|^3",`
`27`	`27`	`"symfony/deprecation-contracts":"^2.5\|^3",`
`28`		`-"symfony/http-client-contracts":"^3",`
	`28`	`+"symfony/http-client-contracts":"^3.3",`
`29`	`29`	`"symfony/service-contracts":"^2.5\|^3"`
`30`	`30`	`},`
`31`	`31`	`"require-dev": {`

`‎src/Symfony/Contracts/CHANGELOG.md‎`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,11 @@`
`1`	`1`	`CHANGELOG`
`2`	`2`	`=========`
`3`	`3`
	`4`	`+3.3`
	`5`	`+---`
	`6`	`+`
	`7`	+* Add option`crypto_method` to`HttpClientInterface` to define the minimum SSL version to accept
	`8`	`+`
`4`	`9`	`3.2`
`5`	`10`	`---`
`6`	`11`

`‎src/Symfony/Contracts/HttpClient/HttpClientInterface.php‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -66,6 +66,7 @@ interface HttpClientInterface`
`66`	`66`	`'ciphers' =>null,`
`67`	`67`	`'peer_fingerprint' =>null,`
`68`	`68`	`'capture_peer_cert_chain' =>false,`
	`69`	`+'crypto_method' => \STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,// STREAM_CRYPTO_METHOD_TLSv*_CLIENT - minimum SSL version`
`69`	`70`	`'extra' => [],// array - additional options that can be ignored if unsupported, unlike regular options`
`70`	`71`	`];`
`71`	`72`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitfa841e4

File tree

9 files changed

9 files changed

`‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php‎`

`‎src/Symfony/Component/HttpClient/CHANGELOG.md‎`

`‎src/Symfony/Component/HttpClient/CurlHttpClient.php‎`

`‎src/Symfony/Component/HttpClient/HttpClientTrait.php‎`

`‎src/Symfony/Component/HttpClient/Internal/AmpClientState.php‎`

`‎src/Symfony/Component/HttpClient/NativeHttpClient.php‎`

`‎src/Symfony/Component/HttpClient/composer.json‎`

`‎src/Symfony/Contracts/CHANGELOG.md‎`

`‎src/Symfony/Contracts/HttpClient/HttpClientInterface.php‎`

0 commit comments