1 files changed, 38 insertions, 10 deletions

diff --git a/lib/httpclient.php b/lib/httpclient.php
index 64a51353c..514a5afeb 100644
--- a/lib/httpclient.php
+++ b/lib/httpclient.php
@@ -43,6 +43,9 @@ require_once 'HTTP/Request2/Response.php';
  *
  * This extends the HTTP_Request2_Response class with methods to get info
  * about any followed redirects.
+ * 
+ * Originally used the name 'HTTPResponse' to match earlier code, but
+ * this conflicts with a class in in the PECL HTTP extension.
  *
  * @category HTTP
  * @package StatusNet
@@ -51,7 +54,7 @@ require_once 'HTTP/Request2/Response.php';
  * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  * @link http://status.net/
  */
-class HTTPResponse extends HTTP_Request2_Response
+class StatusNet_HTTPResponse extends HTTP_Request2_Response
 {
     function __construct(HTTP_Request2_Response $response, $url, $redirects=0)
     {
@@ -129,7 +132,23 @@ class HTTPClient extends HTTP_Request2
         // ought to be investigated to see if we can handle
         // it gracefully in that case as well.
         $this->config['protocol_version'] = '1.0';
-        
+
+        // Default state of OpenSSL seems to have no trusted
+        // SSL certificate authorities, which breaks hostname
+        // verification and means we have a hard time communicating
+        // with other sites' HTTPS interfaces.
+        //
+        // Turn off verification unless we've configured a CA bundle.
+        if (common_config('http', 'ssl_cafile')) {
+            $this->config['ssl_cafile'] = common_config('http', 'ssl_cafile');
+        } else {
+            $this->config['ssl_verify_peer'] = false;
+        }
+
+        if (common_config('http', 'curl') && extension_loaded('curl')) {
+            $this->config['adapter'] = 'HTTP_Request2_Adapter_Curl';
+        }
+
         parent::__construct($url, $method, $config);
         $this->setHeader('User-Agent', $this->userAgent());
     }
@@ -146,7 +165,7 @@ class HTTPClient extends HTTP_Request2
     /**
      * Convenience function to run a GET request.
      *
-     * @return HTTPResponse
+     * @return StatusNet_HTTPResponse
      * @throws HTTP_Request2_Exception
      */
     public function get($url, $headers=array())
@@ -157,7 +176,7 @@ class HTTPClient extends HTTP_Request2
     /**
      * Convenience function to run a HEAD request.
      *
-     * @return HTTPResponse
+     * @return StatusNet_HTTPResponse
      * @throws HTTP_Request2_Exception
      */
     public function head($url, $headers=array())
@@ -171,7 +190,7 @@ class HTTPClient extends HTTP_Request2
      * @param string $url
      * @param array $headers optional associative array of HTTP headers
      * @param array $data optional associative array or blob of form data to submit
-     * @return HTTPResponse
+     * @return StatusNet_HTTPResponse
      * @throws HTTP_Request2_Exception
      */
     public function post($url, $headers=array(), $data=array())
@@ -183,12 +202,21 @@ class HTTPClient extends HTTP_Request2
     }
 
     /**
-     * @return HTTPResponse
+     * @return StatusNet_HTTPResponse
      * @throws HTTP_Request2_Exception
      */
     protected function doRequest($url, $method, $headers)
     {
         $this->setUrl($url);
+
+        // Workaround for HTTP_Request2 not setting up SNI in socket contexts;
+        // This fixes cert validation for SSL virtual hosts using SNI.
+        // Requires PHP 5.3.2 or later and OpenSSL with SNI support.
+        if ($this->url->getScheme() == 'https' && defined('OPENSSL_TLSEXT_SERVER_NAME')) {
+            $this->config['ssl_SNI_enabled'] = true;
+            $this->config['ssl_SNI_server_name'] = $this->url->getHost();
+        }
+
         $this->setMethod($method);
         if ($headers) {
             foreach ($headers as $header) {
@@ -217,12 +245,12 @@ class HTTPClient extends HTTP_Request2
     }
 
     /**
-     * Actually performs the HTTP request and returns an HTTPResponse object
-     * with response body and header info.
+     * Actually performs the HTTP request and returns a
+     * StatusNet_HTTPResponse object with response body and header info.
      *
      * Wraps around parent send() to add logging and redirection processing.
      *
-     * @return HTTPResponse
+     * @return StatusNet_HTTPResponse
      * @throw HTTP_Request2_Exception
      */
     public function send()
@@ -265,6 +293,6 @@ class HTTPClient extends HTTP_Request2
             }
             break;
         } while ($maxRedirs);
-        return new HTTPResponse($response, $this->getUrl(), $redirs);
+        return new StatusNet_HTTPResponse($response, $this->getUrl(), $redirs);
     }
 }