summaryrefslogtreecommitdiff
path: root/lib/httpclient.php
diff options
context:
space:
mode:
authorBrion Vibber <brion@pobox.com>2010-05-21 10:12:39 -0700
committerBrion Vibber <brion@pobox.com>2010-05-21 10:12:39 -0700
commit2c12d837c693a816541d32dd044de5277a46336d (patch)
treeef0594db2067afbd93bbc3e702ace595319a9250 /lib/httpclient.php
parent68305d4b6848cec6afe887ee2a5735515060770e (diff)
Disable SSL peer/hostname verification for HTTPClient unless we've configured a trusted CA bundle like this: $config['http']['ssl_cafile'] = '/usr/lib/ssl/certs/ca-certificates.crt';
The previous state was failing on all HTTPS hits due to HTTP_Request2 library turning on the validation check but not specifying a CA file.
Diffstat (limited to 'lib/httpclient.php')
-rw-r--r--lib/httpclient.php14
1 files changed, 13 insertions, 1 deletions
diff --git a/lib/httpclient.php b/lib/httpclient.php
index 384626ae0..b69f718e5 100644
--- a/lib/httpclient.php
+++ b/lib/httpclient.php
@@ -132,7 +132,19 @@ class HTTPClient extends HTTP_Request2
// ought to be investigated to see if we can handle
// it gracefully in that case as well.
$this->config['protocol_version'] = '1.0';
-
+
+ // Default state of OpenSSL seems to have no trusted
+ // SSL certificate authorities, which breaks hostname
+ // verification and means we have a hard time communicating
+ // with other sites' HTTPS interfaces.
+ //
+ // Turn off verification unless we've configured a CA bundle.
+ if (common_config('http', 'ssl_cafile')) {
+ $this->config['ssl_cafile'] = common_config('http', 'ssl_cafile');
+ } else {
+ $this->config['ssl_verify_peer'] = false;
+ }
+
parent::__construct($url, $method, $config);
$this->setHeader('User-Agent', $this->userAgent());
}