F727134
D470.id1216.diff
Created
Mon, Jan 6, 7:22 AM
D470: INP-1866 - Verify SSL certificate on cURL connections
D470.id1216.diff
Index: branches/5.2.x/composer.json
===================================================================
--- branches/5.2.x/composer.json
+++ branches/5.2.x/composer.json
@@ -5,7 +5,8 @@
"paragonie/random_compat": "^2.0",
"symfony/polyfill-php55": "^1.19",
"symfony/polyfill-php56": "^1.19",
- "mtdowling/cron-expression": "dev-master"
+ "mtdowling/cron-expression": "dev-master",
+ "composer/ca-bundle": "^1.4"
},
"require-dev": {
"behat/mink": "^1.7",
Index: branches/5.2.x/composer.lock
===================================================================
--- branches/5.2.x/composer.lock
+++ branches/5.2.x/composer.lock
@@ -4,9 +4,85 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
- "content-hash": "e44d657cbe6f1c15496b087609a60d98",
+ "content-hash": "922fac12a67a2841a04bbbc90747f1e5",
"packages": [
{
+ "name": "composer/ca-bundle",
+ "version": "1.4.2",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/composer/ca-bundle.git",
+ "reference": "18fc0ab083a48f85bfee31f3786537353b8a8403"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/composer/ca-bundle/zipball/18fc0ab083a48f85bfee31f3786537353b8a8403",
+ "reference": "18fc0ab083a48f85bfee31f3786537353b8a8403",
+ "shasum": ""
+ },
+ "require": {
+ "ext-openssl": "*",
+ "ext-pcre": "*",
+ "php": "^5.3.2 || ^7.0 || ^8.0"
+ },
+ "require-dev": {
+ "phpstan/phpstan": "^0.12.55",
+ "psr/log": "^1.0",
+ "symfony/phpunit-bridge": "^4.2 || ^5",
+ "symfony/process": "^2.5 || ^3.0 || ^4.0 || ^5.0 || ^6.0 || ^7.0"
+ },
+ "type": "library",
+ "extra": {
+ "branch-alias": {
+ "dev-main": "1.x-dev"
+ }
+ },
+ "autoload": {
+ "psr-4": {
+ "Composer\\CaBundle\\": "src"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "Jordi Boggiano",
+ "email": "j.boggiano@seld.be",
+ "homepage": "http://seld.be"
+ }
+ ],
+ "description": "Lets you find a path to the system CA bundle, and includes a fallback to the Mozilla CA bundle.",
+ "keywords": [
+ "cabundle",
+ "cacert",
+ "certificate",
+ "ssl",
+ "tls"
+ ],
+ "support": {
+ "irc": "irc://irc.freenode.org/composer",
+ "issues": "https://github.com/composer/ca-bundle/issues",
+ "source": "https://github.com/composer/ca-bundle/tree/1.4.2"
+ },
+ "funding": [
+ {
+ "url": "https://packagist.com",
+ "type": "custom"
+ },
+ {
+ "url": "https://github.com/composer",
+ "type": "github"
+ },
+ {
+ "url": "https://tidelift.com/funding/github/packagist/composer/composer",
+ "type": "tidelift"
+ }
+ ],
+ "time": "2024-03-14T13:20:33+00:00"
+ },
+ {
"name": "ircmaxell/password-compat",
"version": "v1.0.4",
"source": {
Index: branches/5.2.x/core/units/helpers/curl_helper.php
===================================================================
--- branches/5.2.x/core/units/helpers/curl_helper.php
+++ branches/5.2.x/core/units/helpers/curl_helper.php
@@ -12,6 +12,8 @@
* See http://www.in-portal.org/license for copyright notices and details.
*/
+use Composer\CaBundle\CaBundle;
+
defined('FULL_PATH') or die('restricted access!');
class kCurlHelper extends kHelper {
@@ -39,18 +41,16 @@
/**
* Response waiting timeout in seconds
*
- * @var int
- * @access public
+ * @var integer
*/
- public $timeout = 90;
+ public $timeout;
/**
* Follow to url, if redirect received instead of document (only works when open_basedir and safe mode is off)
*
- * @var bool
- * @access public
+ * @var boolean
*/
- public $followLocation = false;
+ public $followLocation;
/**
* Last response received by Curl
@@ -95,50 +95,58 @@
/**
* Default request method
*
- * @var int
- * @access protected
+ * @var integer
*/
- protected $requestMethod = self::REQUEST_METHOD_GET;
+ protected $requestMethod;
/**
* Data to be sent using curl
*
* @var string
- * @access protected
*/
- protected $requestData = '';
+ protected $requestData;
/**
* Request headers (associative array)
*
* @var Array
- * @access protected
*/
- protected $requestHeaders = Array ();
+ protected $requestHeaders;
/**
* Response headers
*
* @var Array
- * @access protected
*/
- protected $responseHeaders = Array ();
+ protected $responseHeaders;
/**
* CURL options
*
* @var Array
- * @access protected
*/
- protected $options = Array ();
+ protected $options;
/**
* Indicates debug mode status
*
- * @var bool
- * @access public
+ * @var boolean
*/
- public $debugMode = false;
+ public $debugMode;
+
+ /**
+ * SSL Certificates file.
+ *
+ * @var string
+ */
+ protected $sslCertificatesFile;
+
+ /**
+ * Verify SSL certificates.
+ *
+ * @var boolean
+ */
+ protected $verifySslCertificate;
/**
* Creates an instance of kCurlHelper class
@@ -148,6 +156,8 @@
parent::__construct();
$this->debugMode = kUtil::constOn('DBG_CURL');
+
+ $this->_resetSettings();
}
/**
@@ -164,6 +174,8 @@
$this->requestHeaders = Array ();
$this->responseHeaders = Array ();
$this->options = Array ();
+ $this->sslCertificatesFile = CaBundle::getSystemCaRootBundlePath();
+ $this->verifySslCertificate = true;
}
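Review bot: `_resetSettings()` now overwrites both `$sslCertificatesFile` and `$verifySslCertificate`, so a custom CA file given to `enableSslCertificateVerification()` or an earlier `disableSslCertificateVerification()` call lasts only until the next reset, and no docblock says so. The method starts outside this hunk and the only call site visible here is the constructor, so how often a reset happens should be confirmed. Falling back to verification against the system bundle is the safe default; I would state it at these two assignments, e.g. `// Every reset re-enables certificate verification and restores the system CA bundle; callers must re-apply any override afterwards.`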
/**
@@ -206,14 +218,20 @@
CURLOPT_REFERER => PROTOCOL.SERVER_NAME,
CURLOPT_MAXREDIRS => 5,
- // don't verify SSL certificates
- CURLOPT_SSL_VERIFYPEER => false,
- CURLOPT_SSL_VERIFYHOST => false,
-
// Prevents CURL from adding "Expect: 100-continue" header for POST requests.
CURLOPT_HTTPHEADER => Array ('Expect:'),
);
+ if ( $this->verifySslCertificate ) {
+ $default_options[CURLOPT_SSL_VERIFYHOST] = 2;
+ $default_options[CURLOPT_SSL_VERIFYPEER] = true;
+ $default_options[CURLOPT_CAINFO] = $this->sslCertificatesFile;
+ }
+ else {
+ $default_options[CURLOPT_SSL_VERIFYHOST] = false;
+ $default_options[CURLOPT_SSL_VERIFYPEER] = false;
+ }
+
if ( isset($_SERVER['HTTP_USER_AGENT']) ) {
$default_options[CURLOPT_USERAGENT] = $_SERVER['HTTP_USER_AGENT'];
}
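Review bot: `CURLOPT_CAINFO` is set unconditionally in the verify branch, but `CaBundle::getSystemCaRootBundlePath()` (assigned in `_resetSettings()`) is documented to return either a bundle file or a certificate directory, and libcurl takes a directory through `CURLOPT_CAPATH` instead. On a host where the lookup resolves to a directory, HTTPS requests would fail verification, which tends to push callers toward `disableSslCertificateVerification()`. Choose the option by path type: `$ca_option = is_dir($this->sslCertificatesFile) ? CURLOPT_CAPATH : CURLOPT_CAINFO;` followed by `$default_options[$ca_option] = $this->sslCertificatesFile;`. The enclosing method starts and ends outside this hunk.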
@@ -340,6 +358,37 @@
}
/**
+ * Disables SSL certificate validation.
+ *
+ * @return void
+ */
+ public function disableSslCertificateVerification()
+ {
+ $this->verifySslCertificate = false;
+ }
+
+ /**
+ * Enable SSL certificate validation.
+ *
+ * @param string|null $certificates_file Certificates file.
+ *
+ * @return void
+ * @throws RuntimeException When given certificates file doesn't exist on disk.
+ */
+ public function enableSslCertificateVerification($certificates_file = null)
+ {
+ $this->verifySslCertificate = true;
+
+ if ( $certificates_file !== null ) {
+ if ( !file_exists($certificates_file) ) {
+ throw new RuntimeException('The "' . $certificates_file . '" file does not exist.');
+ }
+
+ $this->sslCertificatesFile = $certificates_file;
+ }
+ }
+
+ /**
* Performs CURL request and returns it's result
*
* @param string $url
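Review bot: `file_exists()` in `enableSslCertificateVerification()` also passes for a directory or for a file the PHP process cannot read, and that path is later handed to `CURLOPT_CAINFO`, so a bad argument shows up as a failed request instead of the documented `RuntimeException`. Checking `if ( !is_file($certificates_file) || !is_readable($certificates_file) ) {` keeps the failure at the call site. The docblock of `disableSslCertificateVerification()` could also state that the flag applies to every later request made through this helper instance until the settings are reset.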