php-amqplib icon indicating copy to clipboard operation
php-amqplib copied to clipboard
verified publisher icon php-amqplib

Fix StreamIO ssl_protocol handling

Open frikiluser opened this issue 3 years ago β€’ 5 comments

Before this changes AMQPSSLConnection class only connect using ssl when $ssl_options is non empty array.

This commit fixes that situation.

While this request is being reviewed, please avoid the widely recommended option:

['verify_peer' => false]

Instead use any of PHP SSL context options [0]. I suggest 'verify_peer' with the default value (true):

['verify_peer' => true]

Best regards,

[0] https://www.php.net/manual/en/context.ssl.php

frikiluser avatar Jul 27 '22 17:07 frikiluser

I think it's broken since cce2d96

frikiluser avatar Jul 27 '22 18:07 frikiluser

Hi, thanks for Your efforts. Can You describe the problem you are trying to solve? Also, tests for your use case are missing.

ramunasd avatar Jul 27 '22 20:07 ramunasd

Hi @ramunasd ,

I would expect all connections using AMQPSSLConnection are SSL.

With the current php-amqplib code it doesn't work that way. By default it uses plain TCP connections even when using AMQPSSLConnection class. To enable real SSL connection the user should set a $ssl_options (PHP SSL context options).

This line opens a plain TCP connection (πŸ‘πŸΎ):

$connection = new AMQPStreamConnection('myhost', 1234, 'user', 'pass');

This line opens a plain TCP connection (😿):

$connection = new AMQPSSLConnection('myhost', 1234, 'user', 'pass');

This line opens a SSL connection (πŸ‘πŸΎ):

$connection = new AMQPSSLConnection('myhost', 1234, 'user', 'pass','/',['verify_peer'=>true]);

After merging this pull request, this line will open a SSL connection (πŸ‘πŸΎπŸ₯³):

$connection = new AMQPSSLConnection('myhost', 1234, 'user', 'pass');

Thanks for your time!

frikiluser avatar Jul 27 '22 20:07 frikiluser

In the future there will be no different connection classes. The recommended way is to use connection factory which is responsible for creating right class for you. However we still support old approach.

Please create test case for this fix.

ramunasd avatar Jul 28 '22 06:07 ramunasd

Codecov Report

Merging #1013 (3449711) into master (b8b8df6) will decrease coverage by 0.49%. The diff coverage is 100.00%.

@@             Coverage Diff              @@
##             master    #1013      +/-   ##
============================================
- Coverage     74.92%   74.42%   -0.50%     
+ Complexity      984      982       -2     
============================================
  Files            35       35              
  Lines          2680     2675       -5     
============================================
- Hits           2008     1991      -17     
- Misses          672      684      +12
Impacted Files Coverage Ξ”
PhpAmqpLib/Wire/IO/StreamIO.php 69.39% <100.00%> (-0.29%) :arrow_down:
PhpAmqpLib/Channel/AMQPChannel.php 57.98% <0.00%> (-3.06%) :arrow_down:

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

codecov[bot] avatar Aug 09 '22 20:08 codecov[bot]