Commit fc356daa authored by Olav Morken's avatar Olav Morken

SAML2_SOAPClient: Always create stream context.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2539 44740490-163a-0410-bde0-09ae8108e29a
parent dbf8d56d
...@@ -23,16 +23,16 @@ class SAML2_SOAPClient { ...@@ -23,16 +23,16 @@ class SAML2_SOAPClient {
$issuer = $msg->getIssuer(); $issuer = $msg->getIssuer();
$options = array( $ctxOpts = array(
'uri' => $issuer, 'ssl' => array(
'location' => $msg->getDestination(), ),
); );
// Determine if we are going to do a MutualSSL connection between the IdP and SP - Shoaib // Determine if we are going to do a MutualSSL connection between the IdP and SP - Shoaib
if ($srcMetadata->hasValue('saml.SOAPClient.certificate')) { if ($srcMetadata->hasValue('saml.SOAPClient.certificate')) {
$options['local_cert'] = SimpleSAML_Utilities::resolveCert($srcMetadata->getString('saml.SOAPClient.certificate')); $ctxOpts['ssl']['local_cert'] = SimpleSAML_Utilities::resolveCert($srcMetadata->getString('saml.SOAPClient.certificate'));
if ($srcMetadata->hasValue('saml.SOAPClient.privatekey_pass')) { if ($srcMetadata->hasValue('saml.SOAPClient.privatekey_pass')) {
$options['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass'); $ctxOpts['ssl']['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass');
} }
} else { } else {
/* Use the SP certificate and privatekey if it is configured. */ /* Use the SP certificate and privatekey if it is configured. */
...@@ -44,9 +44,9 @@ class SAML2_SOAPClient { ...@@ -44,9 +44,9 @@ class SAML2_SOAPClient {
if (!file_exists($file)) { if (!file_exists($file)) {
SimpleSAML_Utilities::writeFile($file, $keyCertData); SimpleSAML_Utilities::writeFile($file, $keyCertData);
} }
$options['local_cert'] = $file; $ctxOpts['ssl']['local_cert'] = $file;
if (isset($privateKey['password'])) { if (isset($privateKey['password'])) {
$options['passphrase'] = $privateKey['password']; $ctxOpts['ssl']['passphrase'] = $privateKey['password'];
} }
} }
} }
...@@ -68,27 +68,22 @@ class SAML2_SOAPClient { ...@@ -68,27 +68,22 @@ class SAML2_SOAPClient {
SimpleSAML_Utilities::writeFile($peerCertFile, $certData); SimpleSAML_Utilities::writeFile($peerCertFile, $certData);
} }
// create ssl context // create ssl context
$ctxOpts = array( $ctxOpts['ssl']['verify_peer'] = TRUE;
'ssl' => array( $ctxOpts['ssl']['verify_depth'] = 1;
'verify_peer' => TRUE, $ctxOpts['ssl']['cafile'] = $peerCertFile;
'verify_depth' => 1,
'cafile' => $peerCertFile
));
if (isset($options['local_cert'])) {
$ctxOpts['ssl']['local_cert'] = $options['local_cert'];
unset($options['local_cert']);
}
if (isset($options['passhprase'])) {
$ctxOpts['ssl']['passphrase'] = $options['passphrase'];
unset($options['passphrase']);
}
$context = stream_context_create($ctxOpts);
if ($context === NULL) {
throw new Exception('Unable to create SSL stream context');
}
$options['stream_context'] = $context;
} }
$context = stream_context_create($ctxOpts);
if ($context === NULL) {
throw new Exception('Unable to create SSL stream context');
}
$options = array(
'uri' => $issuer,
'location' => $msg->getDestination(),
'stream_context' => $context,
);
$x = new SoapClient(NULL, $options); $x = new SoapClient(NULL, $options);
// Add soap-envelopes // Add soap-envelopes
......
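Review bot: `verify_peer`, `verify_depth` and `cafile` are still set only inside the conditional block that closes just before `stream_context_create($ctxOpts)`, so when that block is skipped the context that is now always created carries an `ssl` array with at most the client certificate and passphrase. Whether the server certificate is checked on that path then depends on PHP's defaults (peer verification was off by default before PHP 5.6), which would leave the SOAP back-channel without server authentication. The condition guarding the block is outside the hunk, so this is presumably the case where no peer certificate is configured. I would document it where `$ctxOpts` is initialised, with a comment such as `// verify_peer is only enabled below when a peer certificate is configured; otherwise PHP's default applies`, and consider logging a warning on that path.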