GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

ssl_verify_host option in config (default is true)

Browse Source
This commit is contained in:
Mikael Nordfeldth 2015-01-22 12:21:57 +01:00
parent 5c7ad2e031
commit 964d13792b
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/default.php
View File

@ -345,7 +345,8 @@ $default =
'maxurllength' => 100, 'maxurllength' => 100,
'maxnoticelength' => -1), 'maxnoticelength' => -1),
'http' => // HTTP client settings when contacting other sites 'http' => // HTTP client settings when contacting other sites
array('ssl_cafile' => false, // To enable SSL cert validation, point to a CA bundle (eg '/usr/lib/ssl/certs/ca-certificates.crt') array('ssl_cafile' => false, // To enable SSL cert validation, point to a CA bundle (eg '/usr/lib/ssl/certs/ca-certificates.crt') (this activates "ssl_verify_peer")
'ssl_verify_host' => true, // HTTPRequest2 makes sure this is set to CURLOPT_SSL_VERIFYHOST==2 if using curl
'curl' => false, // Use CURL backend for HTTP fetches if available. (If not, PHP's socket streams will be used.) 'curl' => false, // Use CURL backend for HTTP fetches if available. (If not, PHP's socket streams will be used.)
'proxy_host' => null, 'proxy_host' => null,
'proxy_port' => null, 'proxy_port' => null,

4
lib/httpclient.php
View File

@ -145,6 +145,10 @@ class HTTPClient extends HTTP_Request2
$this->config['ssl_verify_peer'] = false; $this->config['ssl_verify_peer'] = false;
} }
// This means "verify the cert hostname against what we connect to", it does not
// imply CA trust or anything like that. Just the hostname.
$this->config['ssl_verify_host'] = common_config('http', 'ssl_verify_host');
if (common_config('http', 'curl') && extension_loaded('curl')) { if (common_config('http', 'curl') && extension_loaded('curl')) {
$this->config['adapter'] = 'HTTP_Request2_Adapter_Curl'; $this->config['adapter'] = 'HTTP_Request2_Adapter_Curl';
} }