-rw-r--r-- | Auth/Yadis/ParanoidHTTPFetcher.php | 32 | ||||
-rw-r--r-- | examples/detect.php | 6 |
2 files changed, 30 insertions, 8 deletions
diff --git a/Auth/Yadis/ParanoidHTTPFetcher.php b/Auth/Yadis/ParanoidHTTPFetcher.php index 4da7c94..c44adfe 100644 --- a/Auth/Yadis/ParanoidHTTPFetcher.php +++ b/Auth/Yadis/ParanoidHTTPFetcher.php @@ -129,9 +129,19 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher { curl_setopt($c, CURLOPT_URL, $url); if (defined('Auth_OpenID_VERIFY_HOST')) { - curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true); - curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2); + // set SSL verification options only if Auth_OpenID_VERIFY_HOST + // is explicitly set, otherwise use system default. + if (Auth_OpenID_VERIFY_HOST) { + curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true); + curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2); + if (defined('Auth_OpenID_CAINFO')) { + curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO); + } + } else { + curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false); + } } + curl_exec($c); $code = curl_getinfo($c, CURLINFO_HTTP_CODE); @@ -153,6 +163,7 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher { curl_close($c); if (defined('Auth_OpenID_VERIFY_HOST') && + Auth_OpenID_VERIFY_HOST == true && $this->isHTTPS($url)) { Auth_OpenID::log('OpenID: Verified SSL host %s using '. 'curl/get', $url); @@ -202,8 +213,17 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher { array($this, "_writeData")); if (defined('Auth_OpenID_VERIFY_HOST')) { - curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true); - curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2); + // set SSL verification options only if Auth_OpenID_VERIFY_HOST + // is explicitly set, otherwise use system default. + if (Auth_OpenID_VERIFY_HOST) { + curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true); + curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2); + if (defined('Auth_OpenID_CAINFO')) { + curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO); + } + } else { + curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false); + } } curl_exec($c); 
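Review bot: The new `else` branch in the `@@ -129` hunk turns certificate verification off with `curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);`, while the comment above it says the code falls back to the "system default", which is only true when the constant is not defined at all. With peer verification off, whatever this fetcher returns over HTTPS is unauthenticated, and the hostname check left at its default gives no protection on its own. The comment should state that, e.g. `// Auth_OpenID_VERIFY_HOST defined as false disables certificate checks; leave it undefined to keep libcurl's defaults.` The identical block is repeated in the `@@ -202` hunk for the POST path, so a small private helper taking `$c` would keep the two copies from drifting. Both enclosing methods start and end outside the hunks.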
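Review bot: After the `@@ -153` hunk (and the matching `@@ -217` hunk for POST) an HTTPS fetch made with verification disabled leaves no trace in the log, because only the verified case is logged. Someone auditing a deployment would want the disabled case recorded as well, for example an added branch `} else if (defined('Auth_OpenID_VERIFY_HOST') && $this->isHTTPS($url)) {` containing `Auth_OpenID::log('OpenID: SSL verification disabled for %s', $url);`. The added `Auth_OpenID_VERIFY_HOST == true` is a loose comparison that behaves like the bare `if (Auth_OpenID_VERIFY_HOST)` used in the setopt block, so writing both tests the same way would read more clearly. The rest of the method body lies outside the hunk.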
@@ -217,7 +237,9 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher { return null; } - if (defined('Auth_OpenID_VERIFY_HOST') && $this->isHTTPS($url)) { + if (defined('Auth_OpenID_VERIFY_HOST') && + Auth_OpenID_VERIFY_HOST == true && + $this->isHTTPS($url)) { Auth_OpenID::log('OpenID: Verified SSL host %s using '. 'curl/post', $url); } diff --git a/examples/detect.php b/examples/detect.php index f745739..3c13a5a 100644 --- a/examples/detect.php +++ b/examples/detect.php @@ -368,7 +368,7 @@ function detect_stores($r, &$out) $out .= $r->p('If you are using the filesystem store, your ' . 'data directory must be readable and writable by ' . - $web_user . ' and not availabe over the Web.'); + $web_user . ' and not available over the Web.'); return true; } @@ -434,7 +434,7 @@ function detect_fetcher($r, &$out) $ok = true; $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); - $fetch_url = 'http://gist.github.com/raw/465630/c57eff55ebc0c54973903af5f72bac72762cf4f4/helloworld'; + $fetch_url = 'https://raw.github.com/gist/465630/c57eff55ebc0c54973903af5f72bac72762cf4f4/helloworld'; $expected_url = $fetch_url;// . '.txt'; $result = $fetcher->get($fetch_url); @@ -455,7 +455,7 @@ function detect_fetcher($r, &$out) if ($url == $fetch_url) { $msg = 'The redirected URL was not returned.'; } else { - $msg = 'An unexpected URL was returned: <' . $url . '>.'; + $msg = 'An unexpected URL was returned: ' . $url . '.'; } $parts[] = $r->b($msg); } |
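Review bot: The probe URL in `detect_fetcher` (`@@ -434` hunk) now uses HTTPS, so the result of this check depends on the fetcher's TLS settings, yet the report does not say which mode was in effect. Because this commit allows `Auth_OpenID_VERIFY_HOST` to be defined as false, the detect page is a natural place to surface that, for example by adding a line such as `$parts[] = $r->b('SSL certificate verification is disabled (Auth_OpenID_VERIFY_HOST is false).');` when the constant is defined and falsy. A failed fetch could then also be told apart from a CA-bundle problem, which `Auth_OpenID_CAINFO` is presumably meant to address. The function body extends beyond the hunks shown.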