From 4e51d9e882583855669ff324c343146c29c384fe Mon Sep 17 00:00:00 2001 From: aminovfariz Date: Thu, 28 May 2026 11:45:52 +0200 Subject: [PATCH] fix(auth): use file_get_contents for OIDC GET requests to work around libcurl 8.14/OpenSSL 3.5 TLS fingerprint rejection by Microsoft Co-Authored-By: Claude Sonnet 4.6 --- core/Service/Auth/OidcHttpGateway.php | 44 +++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/core/Service/Auth/OidcHttpGateway.php b/core/Service/Auth/OidcHttpGateway.php index 7486ca9..16039d3 100644 --- a/core/Service/Auth/OidcHttpGateway.php +++ b/core/Service/Auth/OidcHttpGateway.php @@ -11,6 +11,50 @@ class OidcHttpGateway */ public function call(string $method, string $url, mixed $data = '', array $headers = []): array { + if (strtoupper($method) === 'GET') { + return $this->getWithStream($url, $headers); + } return Curl::call($method, $url, $data, $headers); } + + /** + * @param array $headers + */ + private function getWithStream(string $url, array $headers): array + { + $headerLines = []; + foreach ($headers as $key => $value) { + $headerLines[] = $key . ': ' . $value; + } + $ctx = stream_context_create([ + 'http' => [ + 'method' => 'GET', + 'header' => implode("\r\n", $headerLines), + 'ignore_errors' => true, + ], + 'ssl' => [ + 'verify_peer' => true, + 'verify_peer_name' => true, + ], + ]); + $body = @file_get_contents($url, false, $ctx); + $status = 0; + $responseHeaders = []; + if (isset($http_response_header) && is_array($http_response_header)) { + foreach ($http_response_header as $i => $line) { + if ($i === 0 && preg_match('/HTTP\/[\d.]+ (\d+)/', $line, $m)) { + $status = (int) $m[1]; + } elseif (str_contains($line, ': ')) { + [$k, $v] = explode(': ', $line, 2); + $responseHeaders[$k] = $v; + } + } + } + return [ + 'status' => $status, + 'headers' => $responseHeaders, + 'data' => is_string($body) ? $body : '', + 'url' => $url, + ]; + } }