Added SSL verification to PHPHttpRequest.

PHP's stream context options support SSL server verification as well as CN matching and provision of
CA info.
Added options to the stream context so that the $sslVerifyHost, $sslVerifyCert, and $caInfo
parameters now work in non-CURL environments.

Change-Id: Iab2bda1ebcf20b625b019c91ae6352b5405dcc01
Tyler Anthony Romeo 2013-03-18 17:46:39 -04:00 committed by Gerrit Code Review
parent 58f71c7e9e
commit 1c927b1df2


@ -46,9 +46,9 @@ class Http {
* Otherwise it will use $wgHTTPProxy (if set)
* Otherwise it will use the environment variable "http_proxy" (if set)
* - noProxy Don't use any proxy at all. Takes precedence over proxy value(s).
* - sslVerifyHost (curl only) Verify hostname against certificate
* - sslVerifyCert (curl only) Verify SSL certificate
* - caInfo (curl only) Provide CA information
* - sslVerifyHost Verify hostname against certificate
* - sslVerifyCert Verify SSL certificate
* - caInfo Provide CA information
* - maxRedirects Maximum number of redirects to follow (defaults to 5)
* - followRedirects Whether to follow redirects (defaults to false).
* Note: this should only be used when the target URL is trusted,
@ -885,7 +885,23 @@ class PhpHttpRequest extends MWHttpRequest {
$options['timeout'] = $this->timeout;
$context = stream_context_create( array( 'http' => $options ) );
if ( $this->sslVerifyHost ) {
$options['CN_match'] = $this->parsedUrl['host'];
}
if ( $this->sslVerifyCert ) {
$options['verify_peer'] = true;
}
if ( is_dir( $this->caInfo ) ) {
$options['capath'] = $this->caInfo;
} elseif ( is_file( $this->caInfo ) ) {
$options['cafile'] = $this->caInfo;
} elseif ( $this->caInfo ) {
throw new MWException( "Invalid CA info passed: {$this->caInfo}" );
}
$scheme = $this->parsedUrl['scheme'];
$context = stream_context_create( array( "$scheme" => $options ) );
$this->headerList = array();
$reqCount = 0;
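Review bot: The TLS settings in the PhpHttpRequest hunk (`CN_match`, `verify_peer`, `capath`/`cafile`) are written into the same `$options` array as the HTTP settings, and the context is keyed by `"$scheme"`, whereas PHP's stream wrappers read TLS options from the `ssl` context key and HTTP options from the `http` key, for `https://` URLs as well. As written, an `https` request would likely get a context whose verification options are ignored, so certificate and hostname checks silently fail open, and the timeout, proxy and header options may be dropped with them. Collect the TLS keys in a separate array (for example `$sslOptions['verify_peer'] = true;`) and build the context as `stream_context_create( array( 'http' => $options, 'ssl' => $sslOptions ) );`. It is also worth confirming whether `CN_match` has any effect when `sslVerifyCert` is false, and adding a test that a request to a host with a mismatched or untrusted certificate is rejected. The enclosing method starts and ends outside the hunk.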