XML-RPC w/SSL (port 443)

Bacteria Man

Posted: 30 December 2006 09:01 PM

[ Ignore ]

Research Assistant

Total Posts: 310

Joined 08-16-2006

I’m using the XML-RPC class to request data from a https URL and port 443, but only get (after a long timeout) the response “No data received from server.”

I’ve confirmed everything is functioning correctly with a regular (non-SSL) http URL and port 80.

Is anyone aware of any issues or tricks using XML-RPC w/SSL?

Profile

sissy

Posted: 31 December 2006 07:17 AM

[ Ignore ] [ # 1 ]

Lab Assistant

Total Posts: 144

Joined 09-08-2006

havent tested myself but a quick look at the src code seems only HTTP is supported…

you could probably mod to suit ur needed or extend it might be better

Profile

Bacteria Man

Posted: 31 December 2006 03:14 PM

[ Ignore ] [ # 2 ]

Research Assistant

Total Posts: 310

Joined 08-16-2006

sissy - 31 December 2006 07:17 AM
havent tested myself but a quick look at the src code seems only HTTP is supported…

you could probably mod to suit ur needed or extend it might be better

Yeah, I have come to the same conclusion since my original post. This seems like an obvious omission, given the web’s current emphasis on security.

I’ll have to investigate what it will take to extend the class for HTTPS support.

Profile

esra

Posted: 31 December 2006 04:07 PM

[ Ignore ] [ # 3 ]

Research Assistant

Total Posts: 899

Joined 07-10-2006

Bacteria Man - 30 December 2006 09:01 PM
I’m using the XML-RPC class to request data from a https URL and port 443, but only get (after a long timeout) the response “No data received from server.”

I’ve confirmed everything is functioning correctly with a regular (non-SSL) http URL and port 80.

Is anyone aware of any issues or tricks using XML-RPC w/SSL?

If the server is running Windows, try port 444 for the heck of it.

Profile

Bacteria Man

Posted: 31 December 2006 06:07 PM

[ Ignore ] [ # 4 ]

Research Assistant

Total Posts: 310

Joined 08-16-2006

I’ve actually discovered the source of the problem since my last post.

The fsockopen() call in function sendPayload of class XML_ needs to include “ssl://”. For example:

$fp = @fsockopen('ssl://' . $this->server, $this->port, $this->errno, $this->errstr, $this->timeout);

(Note: the above is for example only. I’m not suggesting hard-coding the ‘ssl://’ prefix.)

When testing using the above the request returns the expected data. (This exposes a new problem with fread() on line 652, but first things first.)

It seems to me the XML-RPC Client class needs another parameter setting:


$this->xmlrpc->protocol('https');

which could be concatenated with server (host) parameter.

I’m curious to know what others think. All comments/suggestions welcome.

Profile

Bacteria Man

Posted: 04 January 2007 01:34 AM

[ Ignore ] [ # 5 ]

Research Assistant

Total Posts: 310

Joined 08-16-2006

I need some advice on the best way to go about extending the XML-RPC library ever so slightly.

I need to add SSL support to the fsockopen call on line 377.

The current line reads:

$fp = @fsockopen($this->server, $this->port, $this->errno, $this->errstr, $this->timeout);

and needs the ability to prefix the server name with ‘SSL://’ to use an SSL connection like so:

$fp = @fsockopen('ssl://' . $this->server, $this->port, $this->errno, $this->errstr, $this->timeout);

My idea is to add a new property called ‘protocol’ with http (default) or https values allowed.


$this->xmlrpc->protocol('https');

The http value would be an empty string and the https value would be ‘ssl://’. This could be prefixed before the $this->server property like:

$fp = @fsockopen($this->protocol . $this->server, $this->port, $this->errno, $this->errstr, $this->timeout);

or concatenated with the $this->server value beforehand in the XML_RPC_Client constructor. I suspect the latter is probably the preferred method.

What’s the best way to go about implementing this without hacking the XML_RPC_Client class directly?

All comments/suggestions/recommendations greatly appreciated.

Profile

Mark van der Walle

Posted: 04 January 2007 06:19 AM

[ Ignore ] [ # 6 ]

Lab Assistant

Total Posts: 192

Joined 12-22-2006

My advice would be to extend XML-RPC and add the required functionality.
Look here http://www.codeigniter.com/user_guide/general/core_classes.html for more info.

Profile

Tobz

Posted: 30 April 2007 07:39 PM

[ Ignore ] [ # 7 ]

Summer Student

Total Posts: 27

Joined 03-19-2007

I’m trying to do the same thing - use https - but Im having a problem.
I’ve created my extension class (MY_xmlrpc) which is loading fine, but when I make modifications to sendPayload() it is using the original method not my version.

any help would be appreciated.

Profile

Bacteria Man

Posted: 30 April 2007 09:32 PM

[ Ignore ] [ # 8 ]

Research Assistant

Total Posts: 310

Joined 08-16-2006

In a perfect world core libraries should always be extended and never modified directly.

However, I was up against a hard deadline and because the XML-RPC library wasn’t going to be used for anything else in my application modifying the aforementioned line made the most sense.

Tobz’s, when you say “I make modifications to sendPayload()...” do you mean your custom function? I presume you’ve given it a different name.

Profile

Tobz

Posted: 30 April 2007 10:07 PM

[ Ignore ] [ # 9 ]

Summer Student

Total Posts: 27

Joined 03-19-2007

no i mean in MY_xmlrpc I have a method named exactly sendPayload() - copy & pasted in fact - which according to the codeigniter docs should then be run instead of the core xmlrpc sendPayload()—“method overloading”.

“Any functions in your class that are named identically to the functions in the parent class will be used instead of the native ones (this is known as “method overloading"). This allows you to substantially alter the CodeIgniter core.”

this is not working for me.
any ideas?

Profile

Bacteria Man

Posted: 01 May 2007 01:23 AM

[ Ignore ] [ # 10 ]

Research Assistant

Total Posts: 310

Joined 08-16-2006

Right, right, overloading (duh.)

First things first. How have you confirmed the extension is being loaded correctly?

Profile

dioony

Posted: 16 April 2008 07:14 PM

[ Ignore ] [ # 11 ]

Summer Student

Total Posts: 8

Joined 03-12-2008

hi!

this thread is little bit older, but i don’t want to keep my solution private.

the problem is following:

you can’t override sendPayload(...) because it is in another class which also extends CI_Xmlrpc.

my solution was to extend the CI_Xmlrpc and override the server()-method.

class MY_Xmlrpc extends CI_Xmlrpc  {
    
    
    function MY_Xmlrpc($config = array()){
        parent::CI_Xmlrpc($config);
    }
    
    
    function server($url, $port=80)
    {
                    
        $parts = parse_url($url);    
                
        if(!isset($parts["scheme"]) || $parts["scheme"]== ''){
            $url = "http://".$url;            
        }
        
        $parts = parse_url($url);
            
        $path = (!isset($parts['path'])) ? '/' : $parts['path'];
        
        if (isset($parts['query']) && $parts['query'] != '')
        {
            $path .= '?'.$parts['query'];
        }                                    
        $user = (!isset($parts['user'])) ? '' : $parts['user'];
        $pass = (!isset($parts['pass'])) ? '' : $parts['pass'];
        
        $this->client = new MY_XML_RPC_Client($path, $parts['host'], $port, $parts["scheme"]."://", $user, $pass);
    }
}

(i know, that the implementation is not very well, but its necessary to run parse_url twice to allow various schemes (protocols))

now there is a problem with the XML_RPC_Client, because the fsockopen needs the protocol for ssl, but the protocol does not be part of the http-header. therefore i had to write my own XML_RPC_Client. Another reason for doing that, was to add http-authentication-functionality.

class MY_XML_RPC_Client extends MY_Xmlrpc
{
    var $path            = '';
    var $server            = '';
    var $port            = 80;
    var $errno            = '';
    var $errstring        = '';
    var $timeout        = 5;
    var $no_multicall    = false;
    var $protocol        = 'http://';
    var $user            = '';
    var $password        = '';

    function MY_XML_RPC_Client($path, $server, $port=80, $protocol = 'http://', $user = "", $password = "")
    {
        parent::MY_Xmlrpc();        
        $this->protocol = $protocol;
        $this->port = $port;
        $this->server = $server;
        $this->path = $path;
        $this->user = $user;
        $this->password = $password;
    }
    
    function send($msg)
    {
        if (is_array($msg))
        {
            // Multi-call disabled
            $r = new XML_RPC_Response(0, $this->xmlrpcerr['multicall_recursion'],$this->xmlrpcstr['multicall_recursion']);
            return $r;
        }

        return $this->sendPayload($msg);
    }

    function sendPayload($msg)
    {                
            
        $fp = fsockopen($this->protocol.$this->server, $this->port,$this->errno, $this->errstr, $this->timeout);
        
        if (! is_resource($fp))
        {
            
            error_log($this->xmlrpcstr['http_error']);
            $r = new XML_RPC_Response(0, $this->xmlrpcerr['http_error'],$this->xmlrpcstr['http_error']);
            return $r;
        }
        
        if(empty($msg->payload))
        {
            // $msg = XML_RPC_Messages
            $msg->createPayload();
        }        
        
        $r = "\r\n";
        $http_basic_auth = "";
        if($this->user!=""){
            $credentials = base64_encode("{$this->user}:{$this->password}");
            $http_basic_auth = "Authorization: Basic {$credentials}$r";
        }
        
        $op  = "POST {$this->path} HTTP/1.0$r";
        $op .= "Host: {$this->server}$r";
        $op .= "Content-Type: text/xml$r";
        $op .= "User-Agent: {$this->xmlrpcName}$r";
        $op .= $http_basic_auth;
        $op .= "Content-Length: ".strlen($msg->payload). "$r$r";
        
        $op .= $msg->payload;
        

        if (!fputs($fp, $op, strlen($op)))
        {            
            error_log($this->xmlrpcstr['http_error']);
            $r = new XML_RPC_Response(0, $this->xmlrpcerr['http_error'], $this->xmlrpcstr['http_error']);
            return $r;
        }
        $resp = $msg->parseResponse($fp);
        fclose($fp);
        return $resp;
    }

}

with this solution i can connect also via urls like

$this->xmlrpc->server("ssl://max:1234@server-one.com",433);
//or
$this->xmlrpc->server("http://server-two.com/rpc");
//or
$this->xmlrpc->server("server-two.com/rpc");
//or something like that

(due to the $http_basic_auth - notation: i hate this short-if-notation to avoid unclear code… )

most likely there is a better solution, so reply and comment

p.s.: overloading is not the same as override. in this case its override

Profile

kylehase

Posted: 11 May 2008 09:36 PM

[ Ignore ] [ # 12 ]

Grad Student

Total Posts: 43

Joined 10-22-2007

I know this is old but it still exists in 1.6.1.

Wouldn’t the best solution be to fix the core library to detect the protocol used in the request and respond the same way? Respond HTTP for HTTP requests and respond in SSL for HTTPS requests.

--Update--
I realize now that this method only affects sending the request, not the response so my statement above is irrelevant.

Profile

‹‹ An Error Was Encountered Sending Email Problem failed with errno=32 Broken pipe ››

Username		Remember Me?
Password		forgot password?

Post Marker Legend
	New posts	Hot Topic with new posts	New Poll	Moved Topic	Sticky topic
	No new posts	Hot Topic with no new posts	Old Poll	Closed Topic	Announcements

Visitor Statistics
The most visitors ever was 719, on June 06, 2008 10:16 AM
Total Registered Members:	61049	Total Logged-in Users:	14
Total Topics:	73853	Total Anonymous Users:	0
Total Replies:	398364	Total Guests:	281
Total Posts:	472217