Re: [tor-bugs] #10984 [meek]: PHP relay for meek
#10984: PHP relay for meek
-------------------------+----------------------------
Reporter: arlolra | Owner: dcf
Type: defect | Status: needs_revision
Priority: normal | Milestone:
Component: meek | Version:
Resolution: | Keywords: meek
Actual Points: | Parent ID:
Points: |
-------------------------+----------------------------
Changes (by dcf):
* status: new => needs_revision
Comment:
This PHP reflector is undeniably useful. I just used it to prototype a
reflector on Azure Websites for #13189.
I'm still doubtful about the quality of code derived from GoAgent and I
wish we didn't have to include the huge license. I think we can simplify
it quite a bit with a new implementation?
We don't actually have to reflect Content-Type. I think we can replace all
the GetHeaders code with just:
{{{
$headerArray = array();
if (array_key_exists("HTTP_X_SESSION_ID", $_SERVER)) {
    $headerArray[] = "X-Session-Id: " . $_SERVER["HTTP_X_SESSION_ID"];
}
curl_setopt($ch, CURLOPT_HTTPHEADER, $headerArray);
}}}
Likewise, I think you can replace all the method processing code with
just:
{{{
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $_SERVER['REQUEST_METHOD']);
curl_setopt($ch, CURLOPT_POSTFIELDS, file_get_contents("php://input"));
}}}
I found I had to change
[http://php.net/manual/en/reserved.variables.httprawpostdata.php
$HTTP_RAW_POST_DATA] to file_get_contents("php://input") since
[https://gitweb.torproject.org/pluggable-transports/meek.git/commitdiff/b1f6a7ece3adaf8a781a5a97877fcf0f20c736a7
b1f6a7ec] which removed Content-Type from the header.
I was going to suggest using the HTTPS bridge by default, but I tried it
and Azure must not have a trusted CA list installed. It prints:
{{{
502 Urlfetch Error
PHP Urlfetch Error: curl(60)
SSL certificate problem: unable to get local issuer certificate
}}}
It turns out that
[http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
CURLOPT_SSL_VERIFYHOST] is not a boolean, but an integer. 0 means
something unsafe, 1 means something unsafe, and 2 is what you want.
Unfortunately true is converted to 1. It's used as an example of a bad API
in [https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf this paper]. It looks
like PHP has our back though; I saw this message in the log:
{{{
PHP Notice: curl_setopt_array(): CURLOPT_SSL_VERIFYHOST no longer accepts
the value 1, value 2 will be used instead in index.php on line 111
}}}
Do you think you can get the file down to 50 lines? I think it should be
possible and then I'll like it better.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10984#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
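
An added example, not part of dcf's comment or the meek source: a minimal reflector core in PHP that combines the two snippets from the comment with certificate verification set explicitly, passing CURLOPT_SSL_VERIFYHOST as the integer 2 and an explicit CA bundle for hosts that ship no trust store. The bridge URL and the cacert.pem path are placeholders assumed for illustration.

```php
<?php
// Added example; not the meek project's reflector code.
// ASSUMPTIONS: both values below are placeholders chosen for illustration.
$forwardUrl = "https://bridge.example.invalid/";  // placeholder HTTPS bridge URL
$caBundle   = __DIR__ . "/cacert.pem";            // placeholder path to a PEM CA bundle

// Build the cURL options for one relayed request, with strict TLS checks.
function relay_options($url, $caBundle, $method, $body, $sessionId) {
    $headers = array();
    if ($sessionId !== null) {
        $headers[] = "X-Session-Id: " . $sessionId;
    }
    return array(
        CURLOPT_URL            => $url,
        CURLOPT_CUSTOMREQUEST  => $method,
        CURLOPT_POSTFIELDS     => $body,
        CURLOPT_HTTPHEADER     => $headers,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,      // validate the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,         // integer 2, not true: name must match host
        CURLOPT_CAINFO         => $caBundle, // explicit trust store for hosts that ship none
    );
}

// Fail closed if an edit ever weakens verification or the bundle goes missing.
function assert_strict_tls(array $opts) {
    if ($opts[CURLOPT_SSL_VERIFYPEER] !== true || $opts[CURLOPT_SSL_VERIFYHOST] !== 2) {
        throw new RuntimeException("TLS verification is not fully enabled");
    }
    if (!is_readable($opts[CURLOPT_CAINFO])) {
        throw new RuntimeException("CA bundle not readable");
    }
}

if (PHP_SAPI !== "cli") {  // relay only when serving an HTTP request
    $sid  = isset($_SERVER["HTTP_X_SESSION_ID"]) ? $_SERVER["HTTP_X_SESSION_ID"] : null;
    $opts = relay_options($forwardUrl, $caBundle, $_SERVER["REQUEST_METHOD"],
                          file_get_contents("php://input"), $sid);
    assert_strict_tls($opts);
    $ch = curl_init();
    curl_setopt_array($ch, $opts);
    $body = curl_exec($ch);
    if ($body === false) {
        // Log the curl error server-side; the client only sees the 502.
        error_log("relay failed: curl(" . curl_errno($ch) . ") " . curl_error($ch));
        http_response_code(502);
    } else {
        http_response_code(curl_getinfo($ch, CURLINFO_HTTP_CODE));
        echo $body;
    }
}
```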