From b510d5aeacd5b0827514a0bd20ad7f42ac64cdf2 Mon Sep 17 00:00:00 2001 From: Joschka Seydell Date: Fri, 17 Apr 2020 07:35:07 -0700 Subject: [PATCH] Introduced configurable path for certificate chain file. --- README.md | 23 ++++++++++++++++++----- src/org/jsonrpcphp/JsonRPCClient.php | 18 +++++++++++++++++- 2 files changed, 35 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index d94eec4..1cd6784 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,4 @@ -JSON-RPC PHP -============ +# JSON-RPC PHP JSON-RPC PHP is a couple of classes written in PHP implementing respectively client and server functionalities of the JSON-RPC protocol. @@ -8,16 +7,30 @@ This software has originally been developed at http://jsonrpcphp.org/ and has been modified to support newer PHP versions and name-spaces; some bugs have been fixed. -To install +# Installation + +With composer command line + ```bash composer require weberhofer/jsonrpcphp ``` -or add this to your composer.json, and ```composer update``` -```JSON +or add this to your composer.json, and `composer update` + +```JSON { "require": { "weberhofer/jsonrpcphp": "~2" } } ``` + +# Dealing with SSL and certificates on the client-side + +Depending on the system environment in which the `JsonRPCClient` is executed, +a proper resolution of CA bundles might not be possible and connections to the +remote server will fail with an error like `unable to get local issuer certificate`. + +In that case, you can fetch the public certificate (or better: the certificate chain) +of the server you want to connect to via SSL, store it in your application and provide +a path to it to the `JsonRPCClient` on construction. diff --git a/src/org/jsonrpcphp/JsonRPCClient.php b/src/org/jsonrpcphp/JsonRPCClient.php index f5d5349..7f9ff40 100644 --- a/src/org/jsonrpcphp/JsonRPCClient.php +++ b/src/org/jsonrpcphp/JsonRPCClient.php @@ -27,6 +27,7 @@ * @license GPLv2+ * @author sergio * @author Johannes Weberhofer + * @author Joschka Seydell */ namespace org\jsonrpcphp; @@ -47,6 +48,13 @@ class JsonRPCClient */ private $url; + /** + * Path to an SSL chain certificate to be used in cURL requests. + * + * @var string + */ + private $serverCertChainFile; + /** * Proxy to be used * @@ -80,12 +88,14 @@ class JsonRPCClient * Takes the connection parameters * * @param string $url + * @param string $serverCertChainFile * @param boolean $debug * @param string $proxy */ - public function __construct($url, $debug = false, $proxy = null) + public function __construct($url, $serverCertChainFile = '', $debug = false, $proxy = null) { $this->url = $url; + $this->serverCertChainFile = $serverCertChainFile; $this->proxy = $proxy; $this->debug = ($this->debug === true); // message id @@ -149,6 +159,12 @@ public function __call($method, $params) // use curl when available; solves problems with allow_url_fopen $ch = curl_init($this->url); curl_setopt($ch, CURLOPT_POST, 1); + // if a custom ssl configuration is provided use this instead of the default settings + if (strlen($this->serverCertChainFile) != 0) { + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); + curl_setopt($ch, CURLOPT_CAINFO, $this->serverCertChainFile); + } curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Content-type: application/json' ));