Page MenuHomePhabricator

Introduce PhutilHTTPEngineExtension, for flexibly compromising SSL
ClosedPublic

Authored by epriestley on Jun 9 2016, 6:45 PM.
Tags
None
Referenced Files
F12850207: D16090.id.diff
Fri, Mar 29, 5:19 AM
F12842438: D16090.diff
Thu, Mar 28, 10:01 PM
Unknown Object (File)
Sat, Mar 23, 11:05 PM
Unknown Object (File)
Feb 11 2024, 10:13 PM
Unknown Object (File)
Feb 3 2024, 10:44 AM
Unknown Object (File)
Jan 25 2024, 12:05 AM
Unknown Object (File)
Jan 9 2024, 7:12 PM
Unknown Object (File)
Jan 9 2024, 10:38 AM
Subscribers
None

Details

Summary

Ref T10227. Currently, we have a weird one-off thing in arc for blindly trusting domains, since this was easier than dealing with all the users using self-signed certificates.

Convert this into a modular extension and extend it to support certificates with bad hostnames (maybe plausibly legitimate when connecting to a machine via different interfaces? I guess?) and proxies.

This is the first of three changes which bring support to all of libphutil, arcanist, and Phabricator.

Test Plan
  • Defined a "trust authority" extension, saw it trust/not trust authority.
  • Defined a "proxy" extension, saw requests go through a proxy.
  • Used --trace, saw proxy in trace.

Diff Detail

Repository
rPHU libphutil
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley retitled this revision from to Introduce PhutilHTTPEngineExtension, for flexibly compromising SSL.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
chad edited edge metadata.
This revision is now accepted and ready to land.Jun 9 2016, 6:57 PM