-rw-r--r--lib/default.php3
-rw-r--r--lib/httpclient.php13
2 files changed, 15 insertions, 1 deletions
diff --git a/lib/default.php b/lib/default.php
index dcf225d1f..45a4560ff 100644
--- a/lib/default.php
+++ b/lib/default.php
@@ -315,6 +315,7 @@ $default =
'members' => true,
'peopletag' => true),
'http' => // HTTP client settings when contacting other sites
- array('ssl_cafile' => false // To enable SSL cert validation, point to a CA bundle (eg '/usr/lib/ssl/certs/ca-certificates.crt')
+ array('ssl_cafile' => false, // To enable SSL cert validation, point to a CA bundle (eg '/usr/lib/ssl/certs/ca-certificates.crt')
+ 'curl' => false, // Use CURL backend for HTTP fetches if available. (If not, PHP's socket streams will be used.)
),
);
diff --git a/lib/httpclient.php b/lib/httpclient.php
index b69f718e5..514a5afeb 100644
--- a/lib/httpclient.php
+++ b/lib/httpclient.php
@@ -145,6 +145,10 @@ class HTTPClient extends HTTP_Request2
$this->config['ssl_verify_peer'] = false;
}
+ if (common_config('http', 'curl') && extension_loaded('curl')) {
+ $this->config['adapter'] = 'HTTP_Request2_Adapter_Curl';
+ }
+
parent::__construct($url, $method, $config);
$this->setHeader('User-Agent', $this->userAgent());
}
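Review bot: The adapter switch at `$this->config['adapter'] = 'HTTP_Request2_Adapter_Curl';` has no comment on how the TLS settings established just above it apply to the curl backend. The context line shows `ssl_verify_peer` being set to `false` in a branch whose condition lies outside the hunk, so with curl enabled and no CA bundle configured, fetches presumably still go out without certificate validation. I would add a comment along the lines of `// Certificate validation is still controlled by http/ssl_cafile; enabling curl does not turn it on.` so operators do not assume the curl backend validates peers by itself. The constructor begins outside the hunk, so the exact branch structure should be confirmed there.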
@@ -204,6 +208,15 @@ class HTTPClient extends HTTP_Request2
protected function doRequest($url, $method, $headers)
{
$this->setUrl($url);
+
+ // Workaround for HTTP_Request2 not setting up SNI in socket contexts;
+ // This fixes cert validation for SSL virtual hosts using SNI.
+ // Requires PHP 5.3.2 or later and OpenSSL with SNI support.
+ if ($this->url->getScheme() == 'https' && defined('OPENSSL_TLSEXT_SERVER_NAME')) {
+ $this->config['ssl_SNI_enabled'] = true;
+ $this->config['ssl_SNI_server_name'] = $this->url->getHost();
+ }
+
$this->setMethod($method);
if ($headers) {
foreach ($headers as $header) {
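Review bot: The scheme test `$this->url->getScheme() == 'https'` is case-sensitive, so a URL written with an upper-case scheme would skip the SNI setup unless the URL object normalises the scheme, which is not visible here. Using `strcasecmp($this->url->getScheme(), 'https') === 0` would avoid that. The two `ssl_SNI_*` keys are also only ever set and never cleared. If a redirect to a different host is followed inside the library rather than through doRequest(), the handshake would presumably still carry the original host name, and certificate validation for the redirect target could fail or match the wrong virtual host. A short comment stating that the name is recomputed on every doRequest() call, and whether the curl adapter ignores these keys, would make the intended scope clear. doRequest's body continues past the end of the hunk.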