SecureConnector: add optional TlsPeer, this...

Open Thomas-Gelf opened this issue 5 years ago • 5 comments

...allows to capture your peer certificate and/or its chain

Thomas-Gelf avatar Sep 25 '20 10:09 Thomas-Gelf

After various approaches, this seemed to be the most promising one. However, please let me know in case you want to move it elsewhere.

Just in case you're wondering, I also tried to combine this with the Browser, which was pretty tricky. First I applied some getters to various connectors, allowing me to dig a hole down through all those nested Connectors. But then I finally settled with a new ConnectedConnector, allowing me to first connect, get the Connection-instance, retrieve the certificate - and then pass on the already connected/established connection to the Browser:

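```php
<?php

use React\Socket\ConnectionInterface;
use React\Socket\ConnectorInterface;
use function React\Promise\resolve;

/**
 * Connector that wraps a connection which has already been established,
 * so it can be handed to a consumer that expects a ConnectorInterface.
 */
final class ConnectedConnector implements ConnectorInterface
{
    private $connection;

    public function __construct(ConnectionInterface $connection)
    {
        $this->connection = $connection;
    }

    // The URI is ignored: every call resolves with the existing connection.
    public function connect($uri)
    {
        return resolve($this->connection);
    }
}
```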

Thomas-Gelf avatar Sep 25 '20 11:09 Thomas-Gelf

NB: Checks are failing, but for an unrelated reason

Thomas-Gelf avatar Sep 25 '20 11:09 Thomas-Gelf

@WyriHaximus: glad that you like it! Use case: different ones. Right now I'm using it for an upcoming Icinga module where I want to ask the user to confirm whether he wants to add an unknown CA certificate to its trust store. Once the CA is confirmed, the (ReactPHP-based) daemon needs to generate a CSR and to deal with the signing process.

In future I'd love to also use it for already existing components like our certificate monitoring.

Thomas-Gelf avatar Sep 27 '20 18:09 Thomas-Gelf
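The confirmation step described in the comment above, sketched as an added example that is not part of this PR, of ReactPHP or of Icinga. It uses PHP's openssl functions directly; the helper names `describeForConfirmation()` and `isConfirmed()` and the fingerprint-list trust store are hypothetical, the CA certificate is constructed in-process, and a working ext-openssl with a default openssl.cnf is assumed.

```php
<?php
// Added example, not code from this PR. On a live connection the certificate
// and chain would be captured from the TLS stream via the PHP SSL context
// options 'capture_peer_cert' and 'capture_peer_cert_chain'. A peer signed by
// an unknown CA only completes the handshake with verification disabled, so a
// connection used for that capture must not carry any application data.

/** Hypothetical helper: the details a user should see before trusting a CA. */
function describeForConfirmation($x509): array
{
    $info = openssl_x509_parse($x509);

    return [
        'subject'     => $info['subject']['CN'] ?? '(no CN)',
        'issuer'      => $info['issuer']['CN'] ?? '(no CN)',
        'self_issued' => $info['subject'] == $info['issuer'],
        'not_after'   => gmdate('Y-m-d', $info['validTo_time_t']),
        // Compare this value out of band with the CA operator before confirming.
        'sha256'      => openssl_x509_fingerprint($x509, 'sha256'),
    ];
}

/** Hypothetical trust store: SHA-256 fingerprints the user has confirmed. */
function isConfirmed($x509, array $trustedFingerprints): bool
{
    $fingerprint = openssl_x509_fingerprint($x509, 'sha256');

    return in_array($fingerprint, $trustedFingerprints, true);
}

// Constructed sample input: a throwaway self-signed certificate that stands in
// for the unknown CA, so the script runs offline.
$key  = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'prime256v1']);
$csr  = openssl_csr_new(['commonName' => 'Constructed Example CA'], $key, ['digest_alg' => 'sha256']);
$cert = openssl_csr_sign($csr, null, $key, 30, ['digest_alg' => 'sha256']);

$trusted = [];                             // nothing has been confirmed yet
var_dump(isConfirmed($cert, $trusted));    // unknown CA: ask the user
print_r(describeForConfirmation($cert));   // what the confirmation prompt shows

// Only after explicit confirmation is the fingerprint added to the store.
$trusted[] = openssl_x509_fingerprint($cert, 'sha256');
var_dump(isConfirmed($cert, $trusted));
```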

@Thomas-Gelf That's pretty amazing! Looking forward to the certificate monitoring component ReactPHP use, feel free to tag me when that comes

WyriHaximus avatar Sep 27 '20 20:09 WyriHaximus

@Thomas-Gelf Thanks for looking into this and filing this PR! Love to see how @ReactPHP is used as part of @Icinga!

Unfortunately, this PR currently uses the internal Connection API which is not otherwise exposed to the outside at the moment. Do we need to expose this class or can we find a way to somehow expose this using the existing interfaces? I'm also not opposed to exposing the underlying stream resource for more direct access, but I still wonder how we could make this work without introducing a BC break.

What are your thoughts on this? I'm also happy to jump on a quick call to discuss this in person if you want (see my profile for details) :+1:

clue avatar Sep 03 '21 12:09 clue