From fc356daaa3766bac7027b32e9e7d23b5db47990c Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Fri, 10 Sep 2010 08:29:24 +0000
Subject: [PATCH] SAML2_SOAPClient: Always create stream context.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2539 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SAML2/SOAPClient.php | 47 ++++++++++++++++++----------------------
 1 file changed, 21 insertions(+), 26 deletions(-)

diff --git a/lib/SAML2/SOAPClient.php b/lib/SAML2/SOAPClient.php
index 219d03f9d..612b5d40f 100644
--- a/lib/SAML2/SOAPClient.php
+++ b/lib/SAML2/SOAPClient.php
@@ -23,16 +23,16 @@ class SAML2_SOAPClient {
 
 		$issuer = $msg->getIssuer();
 
-		$options = array(
-			'uri' => $issuer,
-			'location' => $msg->getDestination(),
+		$ctxOpts = array(
+			'ssl' => array(
+			),
 		);
 
 		// Determine if we are going to do a MutualSSL connection between the IdP and SP  - Shoaib
 		if ($srcMetadata->hasValue('saml.SOAPClient.certificate')) {
-			$options['local_cert'] = SimpleSAML_Utilities::resolveCert($srcMetadata->getString('saml.SOAPClient.certificate'));
+			$ctxOpts['ssl']['local_cert'] = SimpleSAML_Utilities::resolveCert($srcMetadata->getString('saml.SOAPClient.certificate'));
 			if ($srcMetadata->hasValue('saml.SOAPClient.privatekey_pass')) {
-				$options['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass');
+				$ctxOpts['ssl']['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass');
 			}
 		} else {
 			/* Use the SP certificate and privatekey if it is configured. */
@@ -44,9 +44,9 @@ class SAML2_SOAPClient {
 				if (!file_exists($file)) {
 					SimpleSAML_Utilities::writeFile($file, $keyCertData);
 				}
-				$options['local_cert'] = $file;
+				$ctxOpts['ssl']['local_cert'] = $file;
 				if (isset($privateKey['password'])) {
-					$options['passphrase'] = $privateKey['password'];
+					$ctxOpts['ssl']['passphrase'] = $privateKey['password'];
 				}
 			}
 		}
@@ -68,27 +68,22 @@ class SAML2_SOAPClient {
 				SimpleSAML_Utilities::writeFile($peerCertFile, $certData);
 			}
 			// create ssl context
-			$ctxOpts = array(
-				'ssl' => array(
-					'verify_peer' => TRUE,
-					'verify_depth' => 1,
-					'cafile' => $peerCertFile
-					));
-			if (isset($options['local_cert'])) {
-				$ctxOpts['ssl']['local_cert'] = $options['local_cert'];
-				unset($options['local_cert']);
-			}
-			if (isset($options['passhprase'])) {
-				$ctxOpts['ssl']['passphrase'] = $options['passphrase'];
-				unset($options['passphrase']);
-			}
-			$context = stream_context_create($ctxOpts);
-			if ($context === NULL) {
-				throw new Exception('Unable to create SSL stream context');
-			}
-			$options['stream_context'] = $context;
+			$ctxOpts['ssl']['verify_peer'] = TRUE;
+			$ctxOpts['ssl']['verify_depth'] = 1;
+			$ctxOpts['ssl']['cafile'] = $peerCertFile;
 		}
 
+		$context = stream_context_create($ctxOpts);
+		if ($context === NULL) {
+			throw new Exception('Unable to create SSL stream context');
+		}
+
+		$options = array(
+			'uri' => $issuer,
+			'location' => $msg->getDestination(),
+			'stream_context' => $context,
+		);
+
 		$x = new SoapClient(NULL, $options);
 
 		// Add soap-envelopes
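Review bot: When the branch that sets `verify_peer`, `verify_depth` and `cafile` is not taken, the now-unconditional `stream_context_create($ctxOpts)` builds a context with no peer-verification options. Whether the SOAP endpoint's certificate is checked then depends on the PHP default (off before PHP 5.6), even though `local_cert` and the key passphrase from the first hunk may still be set. The condition guarding that branch is outside the hunk, so presumably this is the case where no peer certificate is available in metadata. I would fail closed by initialising `$ctxOpts` with `'ssl' => array('verify_peer' => TRUE),`, or at least log a warning on the unverified path. Separately, `stream_context_create()` returns a resource, so the `$context === NULL` test probably never fires; `if (!is_resource($context))` would be a safer guard.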
-- 
GitLab