1 files changed, 24 insertions, 5 deletions

diff --git a/extlib/Auth/Yadis/ParanoidHTTPFetcher.php b/extlib/Auth/Yadis/ParanoidHTTPFetcher.php
index 6a418260e..4da7c94c0 100644
--- a/extlib/Auth/Yadis/ParanoidHTTPFetcher.php
+++ b/extlib/Auth/Yadis/ParanoidHTTPFetcher.php
@@ -109,9 +109,9 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
             }
 
             curl_setopt($c, CURLOPT_WRITEFUNCTION,
-                        array(&$this, "_writeData"));
+                        array($this, "_writeData"));
             curl_setopt($c, CURLOPT_HEADERFUNCTION,
-                        array(&$this, "_writeHeader"));
+                        array($this, "_writeHeader"));
 
             if ($extra_headers) {
                 curl_setopt($c, CURLOPT_HTTPHEADER, $extra_headers);
@@ -128,6 +128,10 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
             curl_setopt($c, CURLOPT_TIMEOUT, $off);
             curl_setopt($c, CURLOPT_URL, $url);
 
+            if (defined('Auth_OpenID_VERIFY_HOST')) {
+                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+                curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+            }
             curl_exec($c);
 
             $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
@@ -142,12 +146,17 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
             }
 
             if (in_array($code, array(301, 302, 303, 307))) {
-                $url = $this->_findRedirect($headers);
+                $url = $this->_findRedirect($headers, $url);
                 $redir = true;
             } else {
                 $redir = false;
                 curl_close($c);
 
+                if (defined('Auth_OpenID_VERIFY_HOST') &&
+                    $this->isHTTPS($url)) {
+                    Auth_OpenID::log('OpenID: Verified SSL host %s using '.
+                                     'curl/get', $url);
+                }
                 $new_headers = array();
 
                 foreach ($headers as $header) {
@@ -190,7 +199,12 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
         curl_setopt($c, CURLOPT_TIMEOUT, $this->timeout);
         curl_setopt($c, CURLOPT_URL, $url);
         curl_setopt($c, CURLOPT_WRITEFUNCTION,
-                    array(&$this, "_writeData"));
+                    array($this, "_writeData"));
+
+        if (defined('Auth_OpenID_VERIFY_HOST')) {
+            curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+            curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+        }
 
         curl_exec($c);
 
@@ -198,9 +212,15 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
 
         if (!$code) {
             Auth_OpenID::log("Got no response code when fetching %s", $url);
+            Auth_OpenID::log("CURL error (%s): %s",
+                             curl_errno($c), curl_error($c));
             return null;
         }
 
+        if (defined('Auth_OpenID_VERIFY_HOST') && $this->isHTTPS($url)) {
+            Auth_OpenID::log('OpenID: Verified SSL host %s using '.
+                             'curl/post', $url);
+        }
         $body = $this->data;
 
         curl_close($c);
@@ -223,4 +243,3 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
     }
 }
 
-?>
\ No newline at end of file