Validate SSL-Certificate about kickoff HOT 6 CLOSED

Hi @mookman288

thats a nice starting point. What I completely dislike is, that we have to re-request the page inside the rules implementation.
As you pointed out, Guzzle does not seem to provide those infos, so we have to think how we can retrieve those information during the inital request. Maybe Guzzle is the wrong library here. I do not stick with it, if there is an adequate substitute.
Any suggestions?

PS: I moved the comment from the PR, since it is more obvious to find a general discussion on the issue board, than to search in some PRs.

from kickoff.

@frickelbruder I believe that stream_context doesn't actually make a second request:

http://stackoverflow.com/a/3081093/1617361

EDIT: This option is better since it doesn't actually make the HTTP request and does not require allow_url_fopen:

The downside is, as I illustrated, limited amount of information and a need to override PHP warnings.

Guzzle does provide the information that you need, it's just the way you've written your software, you're making the request automatically before the rule is even run.

If you, instead, made it so the rule can specify whether it should automatically make a guzzle request, we can go head and try and query for the certificate itself:

http://stackoverflow.com/a/28516592/1617361

from kickoff.

@mookman288

I'm quite sure stream_socket_client opens a new connection:
http://php.net/manual/de/function.stream-socket-client.php

stream_socket_client — Open Internet or Unix domain socket connection

But as far as I understand, the page content would not be downloaded by the script, because you need to fread the content, which your Rule didn't.

Anyway:

Guzzle does provide the information that you need

How could I retrieve them, if I would fetch those information directly in the HTTPRequester (besides removing verify=false and break all other tests instantly)?

from kickoff.

https://docs.aws.amazon.com/aws-sdk-php/v2/api/class-Guzzle.Http.Curl.CurlHandle.html#_getInfo

You can use CURLINFO_CERTINFO as your constant with the getInfo function in Guzzle.

That would allow you to then use the x509 openssl functions in PHP.

EDIT: I suggest allowing us to specify this outside of the rule, because you don't want to do extra work on every request.

from kickoff.

This looks great, but it would limit us to Guzzle’s cURL handler since the Stream handler doesn’t seem to support that.

Also, the ‘vanilla’ cURL handler only returns that information for failed requests and not in general. If the request already failed we don’t really need the certificate anymore, though.

from kickoff.

There is now a simple SSL check rule implemented.
Thanks @hanzi

from kickoff.