Merge branch 'cas-user-whitelist' into 'nightly'
[quix0rs-gnu-social.git] / extlib / Auth / Yadis / ParanoidHTTPFetcher.php
index 6a418260eefebfa409768d5d750e1026457ff4dd..627ea9a8a2a09233cd3fca7fd3e25dfe560d2db5 100644 (file)
@@ -90,6 +90,15 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
             $this->reset();
 
             $c = curl_init();
+            if (defined('Auth_OpenID_DISABLE_SSL_VERIFYPEER')
+                    && Auth_OpenID_DISABLE_SSL_VERIFYPEER === true) {
+                trigger_error(
+                    'You have disabled SSL verifcation, this is a TERRIBLE ' .
+                    'idea in almost all cases. Set Auth_OpenID_DISABLE_SSL_' .
+                    'VERIFYPEER to false if you want to be safe again',
+                    E_USER_WARNING);
+                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
+            }
 
             if ($c === false) {
                 Auth_OpenID::log(
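Review bot: The new `curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false)` runs before the `if ($c === false)` check that follows it, so a failed `curl_init()` reaches `curl_setopt` with a non-handle (a warning or a TypeError, depending on the PHP version) instead of the logged error path. Move the whole `Auth_OpenID_DISABLE_SSL_VERIFYPEER` block below that check. The warning text also misspells "verification" as `verifcation`, which makes it harder to search for in logs. The enclosing function starts and ends outside this hunk; if this code sits inside the redirect loop, the warning fires once per hop.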
@@ -109,9 +118,9 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
             }
 
             curl_setopt($c, CURLOPT_WRITEFUNCTION,
-                        array(&$this, "_writeData"));
+                        array($this, "_writeData"));
             curl_setopt($c, CURLOPT_HEADERFUNCTION,
-                        array(&$this, "_writeHeader"));
+                        array($this, "_writeHeader"));
 
             if ($extra_headers) {
                 curl_setopt($c, CURLOPT_HTTPHEADER, $extra_headers);
@@ -128,6 +137,22 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
             curl_setopt($c, CURLOPT_TIMEOUT, $off);
             curl_setopt($c, CURLOPT_URL, $url);
 
+            if (defined('Auth_OpenID_VERIFY_HOST')) {
+                // set SSL verification options only if Auth_OpenID_VERIFY_HOST
+                // is explicitly set, otherwise use system default.
+                if (Auth_OpenID_VERIFY_HOST) {
+                    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+                    curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+                    if (defined('Auth_OpenID_CAINFO')) {
+                        curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
+                    }
+                } else {
+                    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
+                }
+            }
+            if (defined('Auth_OpenID_HTTP_PROXY')) {
+                curl_setopt($c, CURLOPT_PROXY, Auth_OpenID_HTTP_PROXY);
+            }
             curl_exec($c);
 
             $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
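Review bot: The `else` branch turns certificate verification off (`CURLOPT_SSL_VERIFYPEER, false`) without any warning or log entry, unlike the `Auth_OpenID_DISABLE_SSL_VERIFYPEER` path earlier in this function, which raises `E_USER_WARNING`. Because the test is a truthiness check, defining `Auth_OpenID_VERIFY_HOST` as `false`, `0` or `''` silently removes the protection the fetch relies on against a man-in-the-middle. Add a log call in that branch, e.g. `Auth_OpenID::log('OpenID: TLS certificate verification is DISABLED (Auth_OpenID_VERIFY_HOST is false)');`; the same applies to the copy of this block in the hunk at new line 212. When the constant is true, this block also re-enables peer verification after the earlier disable, so the precedence between the two constants deserves a comment.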
@@ -142,12 +167,18 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
             }
 
             if (in_array($code, array(301, 302, 303, 307))) {
-                $url = $this->_findRedirect($headers);
+                $url = $this->_findRedirect($headers, $url);
                 $redir = true;
             } else {
                 $redir = false;
                 curl_close($c);
 
+                if (defined('Auth_OpenID_VERIFY_HOST') &&
+                    Auth_OpenID_VERIFY_HOST == true &&
+                    $this->isHTTPS($url)) {
+                    Auth_OpenID::log('OpenID: Verified SSL host %s using '.
+                                     'curl/get', $url);
+                }
                 $new_headers = array();
 
                 foreach ($headers as $header) {
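Review bot: The `Verified SSL host` message is written from configuration alone (`Auth_OpenID_VERIFY_HOST` plus `isHTTPS($url)`), after `curl_close($c)` and only for the final URL, so it says nothing about intermediate HTTPS redirect hops and nothing in the hunk ties it to the outcome of the transfer. Together with the removal of the `Successfully fetched` log in the hunk at old line 157, plain-HTTP fetches and fetches with the constant undefined no longer leave a success entry at all. Consider keeping one success log for every fetch and adding the verification state to it. `Auth_OpenID_VERIFY_HOST == true` is a loose comparison while the new `Auth_OpenID_DISABLE_SSL_VERIFYPEER` test uses `=== true`; pick one form. The same points apply to the `curl/post` message in the hunk at new line 243.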
@@ -157,10 +188,6 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
                     }
                 }
 
-                Auth_OpenID::log(
-                    "Successfully fetched '%s': GET response code %s",
-                    $url, $code);
-
                 return new Auth_Yadis_HTTPResponse($url, $code,
                                                     $new_headers, $body);
             }
@@ -185,12 +212,30 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
             curl_setopt($c, CURLOPT_NOSIGNAL, true);
         }
 
+        if (defined('Auth_OpenID_HTTP_PROXY')) {
+            curl_setopt($c, CURLOPT_PROXY, Auth_OpenID_HTTP_PROXY);
+        }
+
         curl_setopt($c, CURLOPT_POST, true);
         curl_setopt($c, CURLOPT_POSTFIELDS, $body);
         curl_setopt($c, CURLOPT_TIMEOUT, $this->timeout);
         curl_setopt($c, CURLOPT_URL, $url);
         curl_setopt($c, CURLOPT_WRITEFUNCTION,
-                    array(&$this, "_writeData"));
+                    array($this, "_writeData"));
+
+        if (defined('Auth_OpenID_VERIFY_HOST')) {
+            // set SSL verification options only if Auth_OpenID_VERIFY_HOST
+            // is explicitly set, otherwise use system default.
+            if (Auth_OpenID_VERIFY_HOST) {
+                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+                curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+                if (defined('Auth_OpenID_CAINFO')) {
+                    curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
+                }
+            } else {
+                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
+            }
+        }
 
         curl_exec($c);
 
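Review bot: This TLS block is a line-for-line copy of the one added to the GET path, so the two can drift apart; moving it into one private method and calling it from both places (`$this->_setVerifyOptions($c);`, the name is only a suggestion) keeps the verification policy in one spot. The GET path also honours `Auth_OpenID_DISABLE_SSL_VERIFYPEER`, and nothing in this hunk does the same for POST. The start of the function is outside the hunk, so confirm whether that asymmetry is intended and state it in a comment either way.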
@@ -198,9 +243,17 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
 
         if (!$code) {
             Auth_OpenID::log("Got no response code when fetching %s", $url);
+            Auth_OpenID::log("CURL error (%s): %s",
+                             curl_errno($c), curl_error($c));
             return null;
         }
 
+        if (defined('Auth_OpenID_VERIFY_HOST') &&
+            Auth_OpenID_VERIFY_HOST == true &&
+            $this->isHTTPS($url)) {
+            Auth_OpenID::log('OpenID: Verified SSL host %s using '.
+                             'curl/post', $url);
+        }
         $body = $this->data;
 
         curl_close($c);
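Review bot: The added `curl_errno`/`curl_error` log is where a certificate or hostname verification failure will surface, since a failed TLS handshake leaves `$code` empty; the diff shows no matching addition on the GET path (its failure branch is outside the visible hunks), so confirm that path logs the same detail. The early `return null;` also exits without `curl_close($c)`, unlike the success path a few lines below; adding `curl_close($c);` before the return keeps both exits consistent.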
@@ -215,12 +268,8 @@ class Auth_Yadis_ParanoidHTTPFetcher extends Auth_Yadis_HTTPFetcher {
 
         }
 
-        Auth_OpenID::log("Successfully fetched '%s': POST response code %s",
-                         $url, $code);
-
         return new Auth_Yadis_HTTPResponse($url, $code,
                                            $new_headers, $body);
     }
 }
 
-?>
\ No newline at end of file