Add option novalidatecert to connect(); closes #63 #94
Signed-off-by: Johan Cwiklinski <jcwiklinski@teclib.com>
Thanks @cedric-anne :))
weierophinney
left a comment
First off, thanks for this patch! I'm sure a number of people will appreciate having it in place, and it will make testing locally, where you might be forced to use self-signed certs, far easier!
I think you can improve this substantially by moving the various functionalities around the $novalidatecert property and setter into the ProtocolTrait, as well as the functionality for creating the socket options. I've provided guidance in the comments below.
Additionally, it would be great if you could figure out a way to unit test this, as the new functionality is not covered at all. While I'm reasonably certain it will be fine, a unit test ensures we don't break it in the future.
| } | ||
| } | ||
|
|
||
| $socket_options = []; |
Please use camelCase for variable names for consistency (this is part of our coding standard).
Changed. I've also factorized this piece of code, since this was entirely duplicated in both Imap and Pop3 classes
| public function __construct($host = '', $port = null, $ssl = false) | ||
| public function __construct($host = '', $port = null, $ssl = false, $novalidatecert = false) | ||
| { | ||
| $this->novalidatecert = $novalidatecert; |
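Review bot: The new fourth constructor argument `$novalidatecert` is an undocumented positional boolean, and `$this->novalidatecert = $novalidatecert;` stores whatever was passed without a type check. Add a `@param bool $novalidatecert` entry to the docblock stating that `true` turns off certificate verification and is meant for servers with self-signed certificates, and keep the default at `false` so existing callers are unaffected.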
Please call $this->setNoValidateCert($novalidatecert) to ensure you get proper validation of the value (see my notes on that method as well).
| public function __construct($host = '', $port = null, $ssl = false) | ||
| public function __construct($host = '', $port = null, $ssl = false, $novalidatecert = false) | ||
| { | ||
| $this->novalidatecert = $novalidatecert; |
Please call $this->setNoValidateCert($novalidatecert) to ensure you get proper validation of the value (see my notes on that method as well).
| public function setNoValidateCert($novalidatecert) | ||
| { | ||
|
|
||
| if (is_bool($novalidatecert)) { | ||
| $this->novalidatecert = $novalidatecert; | ||
| } | ||
| } | ||
|
|
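Review bot: In `setNoValidateCert()`, an argument that fails `is_bool()` is dropped without any error, so the caller cannot tell that the setting was not applied. Once the flag is `true`, a later call with `0` or `'false'` leaves verification switched off. Throw an `InvalidArgumentException` for non-boolean input instead of ignoring it, and add a docblock describing the parameter and its effect.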
Please see my notes on the same method in the Imap class.
| $socket_options = []; | ||
|
|
||
| if ($this->novalidatecert) { | ||
| $socket_options = [ | ||
| 'ssl' => [ | ||
| 'verify_peer_name' => false, | ||
| 'verify_peer' => false, | ||
| ] | ||
| ]; | ||
| } | ||
|
|
||
| $socket_context = stream_context_create($socket_options); | ||
|
|
||
| ErrorHandler::start(); | ||
| $this->socket = fsockopen($host, $port, $errno, $errstr, self::TIMEOUT_CONNECTION); | ||
| $this->socket = stream_socket_client( | ||
| $host . ":" . $port, | ||
| $errno, | ||
| $errstr, | ||
| self::TIMEOUT_CONNECTION, | ||
| STREAM_CLIENT_CONNECT, | ||
| $socket_context | ||
| ); | ||
|
|
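Review bot: In the `if ($this->novalidatecert)` branch, setting both `'verify_peer' => false` and `'verify_peer_name' => false` removes every check on the server's identity, which is more than accepting a self-signed certificate requires. Consider leaving `verify_peer` on and accepting the certificate through the `allow_self_signed`, `cafile` or `peer_fingerprint` SSL context options, and add a comment at this branch saying the option is intended for test setups.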
Please see my notes on this in the Imap class.
Since this code is reproduced in both classes, I'd argue that you should:
- Move the $novalidatecert property into ProtocolTrait
- Move the setNoValidateCert() method into ProtocolTrait
- Create a new method in ProtocolTrait:

```php
/**
 * @return array
 */
private function prepareSocketOptions()
{
    return $this->novalidatecert
        ? [
            'ssl' => [
                'verify_peer_name' => false,
                'verify_peer' => false,
            ],
        ]
        : [];
}
```

Then, in the connect() method of each, you can do:

```php
$this->socket = stream_socket_client(
    $host . ':' . $port,
    $errno,
    $errstr,
    self::TIMEOUT_CONNECTION,
    STREAM_CLIENT_CONNECT,
    stream_context_create($this->prepareSocketOptions())
);
```

(This also means the comments about camelCase names become irrelevant, as the variables are never created.)
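An added example, not part of this pull request or of the library's code: a stand-alone options builder that shows the options from the review suggestion beside two narrower ways to accept a self-signed server certificate, and reads the effective settings back with `stream_context_get_options()` so they can be checked without a mail server. `buildSslOptions()`, its parameters, the CA path and the fingerprint are hypothetical or constructed.

```php
<?php
// Added example. buildSslOptions() and its parameters are hypothetical names,
// not laminas-mail API; the CA path and fingerprint below are constructed.

function buildSslOptions(bool $noValidateCert = false, ?string $caFile = null, ?string $sha256 = null): array
{
    if ($noValidateCert) {
        // Same options as the PR: the server certificate is not checked at all.
        return ['ssl' => ['verify_peer' => false, 'verify_peer_name' => false]];
    }

    $ssl = ['verify_peer' => true, 'verify_peer_name' => true];
    if ($caFile !== null) {
        // Trust only this PEM file (the self-signed cert or a private CA);
        // chain and host name checks stay on.
        $ssl['cafile'] = $caFile;
    }
    if ($sha256 !== null) {
        // Pin the server certificate by digest and tolerate it being self-signed.
        $ssl['allow_self_signed'] = true;
        $ssl['peer_fingerprint'] = ['sha256' => strtolower($sha256)];
    }
    return ['ssl' => $ssl];
}

// Read the effective options back without opening a connection.
$cases = [
    'default'    => buildSslOptions(),
    'private CA' => buildSslOptions(false, '/etc/ssl/test-ca.pem'),
    'pinned'     => buildSslOptions(false, null, str_repeat('AB', 32)),
    'disabled'   => buildSslOptions(true),
];
foreach ($cases as $name => $options) {
    $effective = stream_context_get_options(stream_context_create($options))['ssl'];
    printf(
        "%-10s verify_peer=%s verify_peer_name=%s extra=%s\n",
        $name,
        var_export($effective['verify_peer'], true),
        var_export($effective['verify_peer_name'], true),
        implode(',', array_diff(array_keys($effective), ['verify_peer', 'verify_peer_name'])) ?: '-'
    );
}
```

Only the `disabled` case reports `verify_peer=false`; the other three keep verification on and differ only in which certificate they are prepared to trust.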
I've moved the entire socket preparation, and split options preparation to another method
Hi @weierophinney thank you for the feedback :) I will fix according to your review comments.
Signed-off-by: Johan Cwiklinski <jcwiklinski@teclib.com>
Tests are failing:
Signed-off-by: Johan Cwiklinski <jcwiklinski@teclib.com>
I've added a very basic test; but I do not know if it is possible to do more; and I do not really have time to investigate that.
@trasher let's hope @weierophinney is happy with the changes. 3️⃣ pairs of 👀 reviewed the code now.
Signed-off-by: Johan Cwiklinski <jcwiklinski@teclib.com>
weierophinney
left a comment
Looks good! I've made some minor changes locally (pushing momentarily) to cover some nitpicks I had but didn't want to bother you with.
🚢
Signed-off-by: Matthew Weier O'Phinney <matthew@weierophinney.net>
I rebased locally and made edits... but don't have rights to push back to the origin repo. Rest assured, though - your commits are in!
Signed-off-by: Matthew Weier O'Phinney <matthew@weierophinney.net>
Description
Allow connection with self-signed SSL certificates; see #63; port of existing zendframework/zend-mail#247.