Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add TLS/SSL support #342

Open
iggyvolz opened this issue Mar 31, 2022 · 2 comments
Open

Add TLS/SSL support #342

iggyvolz opened this issue Mar 31, 2022 · 2 comments
Assignees
Labels
Priority: Medium This issue may be useful, and needs some attention. Status: Accepted It's clear what the subject of the issue is about, and what the resolution should be. Type: Enhancement Most issues will probably ask for additions or changes.

Comments

@iggyvolz
Copy link

Is your feature request related to a problem? Please describe.
The TCP component is incapable of connecting over TLS/SSL (ex. to any HTTPS site)

Describe the solution you'd like
The simplest solution would be to add a flag to Psl\TCP\Connect which would set the protocol to tls (tls requested) or tcp (default/no tls requested) here:

$socket = Network\Internal\socket_connect("tcp://{$host}:{$port}", $context, $timeout);
. However there are also several settings in the SSL context https://www.php.net/manual/en/context.ssl.php so I could see this going into ConnectOptions (or a separate SSLConnectOptions within ConnectOptions).

Describe alternatives you've considered
https://www.php.net/manual/en/function.stream-socket-enable-crypto.php appears to allow you to enable TLS after starting a stream, however I was not able to get it to work with HTTPS, so it looks like there's a slightly different effect of stream_context_create("tls://") vs $stream = stream_context_create("tcp://"); stream_socket_enable_crypto($stream); - this would allow you to do something like $stream->enableCrypto();.

Additional context
Running a TLS server is an entirely different beast, because that is going to require loading the certificate in (client certificates also exist but they're far less used 😢). With the complexity here it might make sense to make an entirely separate TLS-over-TCP module.

@iggyvolz iggyvolz added the Type: Enhancement Most issues will probably ask for additions or changes. label Mar 31, 2022
@azjezz azjezz added Priority: Low This issue can probably be picked up by anyone looking to contribute to the project, as an entry fix Status: Available No one has claimed responsibility for resolving this issue. Priority: Medium This issue may be useful, and needs some attention. and removed Priority: Low This issue can probably be picked up by anyone looking to contribute to the project, as an entry fix labels Apr 1, 2022
@azjezz azjezz pinned this issue Apr 1, 2022
@azjezz azjezz added Status: Accepted It's clear what the subject of the issue is about, and what the resolution should be. and removed Status: Available No one has claimed responsibility for resolving this issue. labels Apr 1, 2022
@azjezz
Copy link
Owner

azjezz commented Apr 1, 2022

I have thought about supporting TLS, however, i didn't look into it much, i will give it a go maybe next week and keep this issue updated.

@iggyvolz
Copy link
Author

iggyvolz commented Jul 9, 2022

Is there anything I can do to help move this along? I could submit a PR with bc4f953 (2 line change) which has worked well for me in the past several months. It works well enough without any options, and they could potentially be added later.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Priority: Medium This issue may be useful, and needs some attention. Status: Accepted It's clear what the subject of the issue is about, and what the resolution should be. Type: Enhancement Most issues will probably ask for additions or changes.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants