Merge branch 'cas-user-whitelist' into 'nightly'
index 4da7c94c0d92e433b9222b8261323834bd7c17ad..627ea9a8a2a09233cd3fca7fd3e25dfe560d2db5 100644 (file)
@@ -90,6 +90,15 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
             $this->reset();
 
             $c = curl_init();
+            if (defined('Auth_OpenID_DISABLE_SSL_VERIFYPEER')
+                    && Auth_OpenID_DISABLE_SSL_VERIFYPEER === true) {
+                trigger_error(
+                    'You have disabled SSL verifcation, this is a TERRIBLE ' .
+                    'idea in almost all cases. Set Auth_OpenID_DISABLE_SSL_' .
+                    'VERIFYPEER to false if you want to be safe again',
+                    E_USER_WARNING);
+                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
+            }
 
             if ($c === false) {
                 Auth_OpenID::log(
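Review bot: The new `curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false)` runs before the `if ($c === false)` guard that follows it, so on a failed `curl_init()` it is called on `false` and only then is the failure logged; the whole `Auth_OpenID_DISABLE_SSL_VERIFYPEER` block should move below that guard. As placed, it is also not the last word on the option: later in this same method the `Auth_OpenID_VERIFY_HOST` branch sets `CURLOPT_SSL_VERIFYPEER` back to `true` when that constant is truthy, so a deployment defining both gets the warning but still verifies, which deserves a comment such as `// Auth_OpenID_VERIFY_HOST, when set, overrides this below`. The warning fires on every fetch rather than once, which is probably intended as pressure to fix the config but is worth stating; and the message text has a typo (`verifcation`). The enclosing method continues past the end of this hunk.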
@@ -129,8 +138,20 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
             curl_setopt($c, CURLOPT_URL, $url);
 
             if (defined('Auth_OpenID_VERIFY_HOST')) {
-                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
-                curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+                // set SSL verification options only if Auth_OpenID_VERIFY_HOST
+                // is explicitly set, otherwise use system default.
+                if (Auth_OpenID_VERIFY_HOST) {
+                    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+                    curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+                    if (defined('Auth_OpenID_CAINFO')) {
+                        curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
+                    }
+                } else {
+                    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
+                }
+            }
+            if (defined('Auth_OpenID_HTTP_PROXY')) {
+                curl_setopt($c, CURLOPT_PROXY, Auth_OpenID_HTTP_PROXY);
             }
             curl_exec($c);
 
@@ -153,6 +174,7 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
                 curl_close($c);
 
                 if (defined('Auth_OpenID_VERIFY_HOST') &&
+                    Auth_OpenID_VERIFY_HOST == true &&
                     $this->isHTTPS($url)) {
                     Auth_OpenID::log('OpenID: Verified SSL host %s using '.
                                      'curl/get', $url);
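Review bot: The added condition tests the same constant with `Auth_OpenID_VERIFY_HOST == true` while the setopt site in this method tests it with a bare `if (Auth_OpenID_VERIFY_HOST)`; in PHP these are equivalent, but the loose `== true` reads as if it were stricter than it is. Either form is fine, but the file should pick one, e.g. `Auth_OpenID_VERIFY_HOST === true &&` here and at the setopt site if strict booleans are the contract for this constant. The enclosing method starts and ends outside this hunk.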
@@ -166,10 +188,6 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
                     }
                 }
 
-                Auth_OpenID::log(
-                    "Successfully fetched '%s': GET response code %s",
-                    $url, $code);
-
                 return new Auth_Yadis_HTTPResponse($url, $code,
                                                     $new_headers, $body);
             }
@@ -194,6 +212,10 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
             curl_setopt($c, CURLOPT_NOSIGNAL, true);
         }
 
+        if (defined('Auth_OpenID_HTTP_PROXY')) {
+            curl_setopt($c, CURLOPT_PROXY, Auth_OpenID_HTTP_PROXY);
+        }
+
         curl_setopt($c, CURLOPT_POST, true);
         curl_setopt($c, CURLOPT_POSTFIELDS, $body);
         curl_setopt($c, CURLOPT_TIMEOUT, $this->timeout);
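Review bot: This `Auth_OpenID_HTTP_PROXY` block is a verbatim copy of the one added to the GET path, and the SSL-verification block that follows in the next hunk is duplicated the same way; a small private helper such as `_applyCurlOptions($c)` invoked from both `get()` and `post()` would stop the two transport paths from drifting apart. That drift is already visible in this commit: the GET path consults `Auth_OpenID_DISABLE_SSL_VERIFYPEER`, while nothing in the POST hunks shown does. The enclosing method begins outside this hunk.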
@@ -202,8 +224,17 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
                     array($this, "_writeData"));
 
         if (defined('Auth_OpenID_VERIFY_HOST')) {
-            curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
-            curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+            // set SSL verification options only if Auth_OpenID_VERIFY_HOST
+            // is explicitly set, otherwise use system default.
+            if (Auth_OpenID_VERIFY_HOST) {
+                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+                curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+                if (defined('Auth_OpenID_CAINFO')) {
+                    curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
+                }
+            } else {
+                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
+            }
         }
 
         curl_exec($c);
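Review bot: The POST path now mirrors the GET path's `Auth_OpenID_VERIFY_HOST` handling but, at least within the hunks shown, never consults `Auth_OpenID_DISABLE_SSL_VERIFYPEER`, so a deployment that set that constant will have peer verification disabled (with a warning) on GET and left at curl's default on POST; if the omission is deliberate it needs a comment, and if not the same block belongs here after `curl_init()`. As in the GET path, the `else` branch disables `CURLOPT_SSL_VERIFYPEER` without any warning and leaves `CURLOPT_SSL_VERIFYHOST` at its default, which should be called out with a comment such as `// chain validation off, hostname check still at curl default`. The enclosing method starts before this hunk and continues after it.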
@@ -217,7 +248,9 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
             return null;
         }
 
-        if (defined('Auth_OpenID_VERIFY_HOST') && $this->isHTTPS($url)) {
+        if (defined('Auth_OpenID_VERIFY_HOST') &&
+            Auth_OpenID_VERIFY_HOST == true &&
+            $this->isHTTPS($url)) {
             Auth_OpenID::log('OpenID: Verified SSL host %s using '.
                              'curl/post', $url);
         }
@@ -235,9 +268,6 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
 
         }
 
-        Auth_OpenID::log("Successfully fetched '%s': POST response code %s",
-                         $url, $code);
-
         return new Auth_Yadis_HTTPResponse($url, $code,
                                            $new_headers, $body);
     }