authorLilli <lilli@janrain.com>2010-02-12 12:28:53 -0800
committerLilli <lilli@janrain.com>2010-02-12 12:28:53 -0800
commita98cbcab135e9867bb3aea5d8e112cb7f7b52560 (patch)
tree98aa312c1cb2edc21943e37354123b5031d018f5 /Auth
parenta6b4f0897dcbdd0328f0781ef2d0eb9596411113 (diff)
Added the following patch from the dev@openidenabled.com mailing list:
http://lists.openidenabled.com/pipermail/dev/attachments/20090928/2d616914/attachment.bin Original Message: anthony.lenton at canonical.com anthony.lenton at canonical.com Mon Sep 28 11:30:12 PDT 2009 darcs patch: cURL verify host "With this patch, if you define Auth_Openid_VERIFY_HOST cURL will enable host verification on ssl connections, for added security." This patch was in the form of a Darcs patch, not a normal patch. To solve this, I applied it to the Darcs repository found on openidenabled, then created a new diff file between the original Darcs repo and the new one (with the patch applied) so that I could apply it to this git repo. All hunks were applied successfully.
Diffstat (limited to 'Auth')
-rw-r--r--Auth/Yadis/ParanoidHTTPFetcher.php20
1 files changed, 20 insertions, 0 deletions
diff --git a/Auth/Yadis/ParanoidHTTPFetcher.php b/Auth/Yadis/ParanoidHTTPFetcher.php
index ecc1821..4da7c94 100644
--- a/Auth/Yadis/ParanoidHTTPFetcher.php
+++ b/Auth/Yadis/ParanoidHTTPFetcher.php
@@ -128,6 +128,10 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
curl_setopt($c, CURLOPT_TIMEOUT, $off);
curl_setopt($c, CURLOPT_URL, $url);
+ if (defined('Auth_OpenID_VERIFY_HOST')) {
+ curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+ curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+ }
curl_exec($c);
$code = curl_getinfo($c, CURLINFO_HTTP_CODE);
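Review bot: The guard `if (defined('Auth_OpenID_VERIFY_HOST'))` makes certificate and hostname verification opt-in, and it tests only that the constant exists, so `define('Auth_OpenID_VERIFY_HOST', false)` also turns verification on. When the constant is absent, the fetch relies on whatever libcurl and the rest of this function default to, which is not visible in the hunk. For a fetcher that carries OpenID discovery and association traffic, I would verify by default and let the constant's value opt out: `if (!defined('Auth_OpenID_VERIFY_HOST') || Auth_OpenID_VERIFY_HOST) {`. This changes behaviour for deployments that talk to providers with self-signed certificates, so it needs a release note. The same guard is repeated on the POST path in the third hunk and should change with it. The enclosing method starts and ends outside this hunk.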
@@ -148,6 +152,11 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
$redir = false;
curl_close($c);
+ if (defined('Auth_OpenID_VERIFY_HOST') &&
+ $this->isHTTPS($url)) {
+ Auth_OpenID::log('OpenID: Verified SSL host %s using '.
+ 'curl/get', $url);
+ }
$new_headers = array();
foreach ($headers as $header) {
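Review bot: The added "Verified SSL host %s using curl/get" message is derived from the constant and the URL scheme, not from what the TLS handshake reported. It is also logged after `curl_close($c)`, so the handle can no longer be queried. If this line is meant as audit evidence, move it above `curl_close($c)` and log the measured result, e.g. add `curl_getinfo($c, CURLINFO_SSL_VERIFYRESULT)` as a further argument and a matching `%s` in the format string. Whether a failed verification can reach this line depends on code between the hunks that is not shown. The "curl/post" message in the third hunk is built the same way, though there the handle is still open when it is logged.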
@@ -192,15 +201,26 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
curl_setopt($c, CURLOPT_WRITEFUNCTION,
array($this, "_writeData"));
+ if (defined('Auth_OpenID_VERIFY_HOST')) {
+ curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+ curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+ }
+
curl_exec($c);
$code = curl_getinfo($c, CURLINFO_HTTP_CODE);
if (!$code) {
Auth_OpenID::log("Got no response code when fetching %s", $url);
+ Auth_OpenID::log("CURL error (%s): %s",
+ curl_errno($c), curl_error($c));
return null;
}
+ if (defined('Auth_OpenID_VERIFY_HOST') && $this->isHTTPS($url)) {
+ Auth_OpenID::log('OpenID: Verified SSL host %s using '.
+ 'curl/post', $url);
+ }
$body = $this->data;
curl_close($c);
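Review bot: The new `curl_errno($c)` / `curl_error($c)` log line in the `if (!$code)` branch is added only on this POST path; neither of the first two hunks adds an equivalent for GET. With `CURLOPT_SSL_VERIFYPEER` enabled, a missing CA bundle or a hostname mismatch will show up as exactly this kind of "no response code" failure. Assuming the GET path has a similar no-response branch outside the hunks, it should log the same two values, otherwise a certificate rejection there cannot be told apart from a network error. A short comment above the `defined('Auth_OpenID_VERIFY_HOST')` block would also help, such as `// Requires a CA bundle that libcurl can find; verification failures surface below as a missing response code.` The early `return null` in this branch also skips the `curl_close($c)` at the end of the hunk.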