
Commit a98cbca

author
Lilli
committed
Added the following patch from the [email protected] mailing list:
http://lists.openidenabled.com/pipermail/dev/attachments/20090928/2d616914/attachment.bin Original Message: anthony.lenton at canonical.com anthony.lenton at canonical.com Mon Sep 28 11:30:12 PDT 2009 darcs patch: cURL verify host "With this patch, if you define Auth_Openid_VERIFY_HOST cURL will enable host verification on ssl connections, for added security." This patch was in the form of a Darcs patch, not a normal patch. To solve this, I applied it to the Darcs repository found on openidenabled, then created a new diff file between the original Darcs repo and the new one (with the patch applied) so that I could apply it to this git repo. All hunks were applied successfully.
1 parent a6b4f08 commit a98cbca


1 file changed

+20
-0
lines changed


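--- a/Auth/Yadis/ParanoidHTTPFetcher.php
+++ b/Auth/Yadis/ParanoidHTTPFetcher.php
@@ -128,6 +128,10 @@ function get($url, $extra_headers = null)
 curl_setopt($c, CURLOPT_TIMEOUT, $off);
 curl_setopt($c, CURLOPT_URL, $url);
 
+if (defined('Auth_OpenID_VERIFY_HOST')) {
+curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+}
 curl_exec($c);
 
 $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
@@ -148,6 +152,11 @@ function get($url, $extra_headers = null)
 $redir = false;
 curl_close($c);
 
+if (defined('Auth_OpenID_VERIFY_HOST') &&
+$this->isHTTPS($url)) {
+Auth_OpenID::log('OpenID: Verified SSL host %s using '.
+'curl/get', $url);
+}
 $new_headers = array();
 
 foreach ($headers as $header) {
@@ -192,15 +201,26 @@ function post($url, $body, $extra_headers = null)
 curl_setopt($c, CURLOPT_WRITEFUNCTION,
 array($this, "_writeData"));
 
+if (defined('Auth_OpenID_VERIFY_HOST')) {
+curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+}
+
 curl_exec($c);
 
 $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
 
 if (!$code) {
 Auth_OpenID::log("Got no response code when fetching %s", $url);
+Auth_OpenID::log("CURL error (%s): %s",
+curl_errno($c), curl_error($c));
 return null;
 }
 
+if (defined('Auth_OpenID_VERIFY_HOST') && $this->isHTTPS($url)) {
+Auth_OpenID::log('OpenID: Verified SSL host %s using '.
+'curl/post', $url);
+}
 $body = $this->data;
 
 curl_close($c);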
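Review bot: The "Verified SSL host" log lines added in get() and post() are emitted whenever the constant is defined and the URL is HTTPS, not from anything cURL reports, so the log asserts a verification result the code at that point has not checked. In post() the line sits after the `if (!$code) { ... return null; }` guard, which a failed handshake would normally trip, but in get() it sits after `curl_close($c)` and any equivalent guard is outside the visible hunks. Consider capturing `$errno = curl_errno($c);` before the handle is closed and logging "Verified" only when `$errno === 0`, and mirroring the new `CURL error (%s): %s` log from post() in get() so that a certificate or hostname failure is diagnosable there too. Note also that `defined('Auth_OpenID_VERIFY_HOST')` tests only existence, so `define('Auth_OpenID_VERIFY_HOST', false)` still turns verification on; a comment such as `// any definition of this constant, even false, enables verification` would prevent surprise. Both function bodies start and end outside the hunks shown.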
