AMPHP HTTP Client with usage proxies

Question

I'm trying to use AMPHP HTTP-Client with proxies, and I cannot make it work.

I'm using the example from their GitHub. (https://github.com/amphp/http-tunnel/blob/master/examples/http-client-via-proxy.php)

I have to download 10 URLs and use a different proxy for each URL. The current problem is that it returns this kind of error:

TLS negotiation failed: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
  error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Our proxy servers are using a certificate (.crx) to operate. I don't need to check if the SSL is valid, I just want to skip the validation, so I thought that these lines would do that I need (skip the validation), but they do not... 😔

$clientTlsContext = new ClientTlsContext('');
$clientTlsContext->withoutPeerVerification();
$clientTlsContext->withSecurityLevel(0);

This works for curl:

curl_setopt($curlResource, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curlResource, CURLOPT_SSL_VERIFYHOST, 0);

This is my code:

class AMPHPDownloaderTest
{
    /**
     * @param ConfigWithCallback[] $configsWithCallback
     */
    public static function downSerps($configsWithCallback): void
    {
        Loop::run(static function () use ($configsWithCallback) {
            try {
                $clientTlsContext = new ClientTlsContext('');
                $clientTlsContext->withoutPeerVerification();
                $clientTlsContext->withSecurityLevel(0);

                $connector = new Https1TunnelConnector(new SocketAddress('proxyi2.infatica.io', 44123), $clientTlsContext);

                $client = (new HttpClientBuilder)
                    ->usingPool(new UnlimitedConnectionPool(new DefaultConnectionFactory($connector)))
                    ->build();

                $request = new Request('http://amphp.org/');

                /** @var Response $response */
                $response = yield $client->request($request);

                $request = $response->getRequest();

                \printf(
                    "%s %s HTTP/%s\r\n",
                    $request->getMethod(),
                    $request->getUri(),
                    \implode('+', $request->getProtocolVersions())
                );

                print Rfc7230::formatHeaders($request->getHeaders()) . "\r\n\r\n";

                \printf(
                    "HTTP/%s %d %s\r\n",
                    $response->getProtocolVersion(),
                    $response->getStatus(),
                    $response->getReason()
                );

                print Rfc7230::formatHeaders($response->getHeaders()) . "\r\n\r\n";

                $body = yield $response->getBody()->buffer();
                $bodyLength = \strlen($body);

                if ($bodyLength < 250) {
                    print $body . "\r\n";
                } else {
                    print \substr($body, 0, 250) . "\r\n\r\n";
                    print($bodyLength - 250) . " more bytes\r\n";
                }
            } catch (HttpException $error) {
                echo $error;
            }
        });
    }
}

When used with Http1TunnelConnector instead of Https1TunnelConnector it throws this error:

Amp\Socket\TlsException: TLS negotiation failed: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

Answer 1

You're basically doing the right thing, but the ClientTlsContext is immutable and always returns a new instance, which is discarded in your code sample.

$clientTlsContext = (new ClientTlsContext(''))
    ->withoutPeerVerification()
    ->withSecurityLevel(0);