X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=lib%2Fhttpclient.php;h=04e2b9ac6539c9b884b7f50f0a33d25e792081f2;hb=7d64d8c78cfa102b91975598ef9e574d2ef14b8c;hp=384626ae06348de59dffc70af3a1a82338ed91e4;hpb=3da50c19dfff7645dc46f1b836ebf4ecda726129;p=quix0rs-gnu-social.git

diff --git a/lib/httpclient.php b/lib/httpclient.php
index 384626ae06..04e2b9ac65 100644
--- a/lib/httpclient.php
+++ b/lib/httpclient.php
@@ -132,7 +132,31 @@ class HTTPClient extends HTTP_Request2
         // ought to be investigated to see if we can handle
         // it gracefully in that case as well.
         $this->config['protocol_version'] = '1.0';
-        
+
+        // Default state of OpenSSL seems to have no trusted
+        // SSL certificate authorities, which breaks hostname
+        // verification and means we have a hard time communicating
+        // with other sites' HTTPS interfaces.
+        //
+        // Turn off verification unless we've configured a CA bundle.
+        if (common_config('http', 'ssl_cafile')) {
+            $this->config['ssl_cafile'] = common_config('http', 'ssl_cafile');
+        } else {
+            $this->config['ssl_verify_peer'] = false;
+        }
+
+        if (common_config('http', 'curl') && extension_loaded('curl')) {
+            $this->config['adapter'] = 'HTTP_Request2_Adapter_Curl';
+        }
+
+        foreach (array('host', 'port', 'user', 'password', 'auth_scheme') as $cf) {
+            $k = 'proxy_'.$cf;
+            $v = common_config('http', $k); 
+            if (!empty($v)) {
+                $this->config[$k] = $v;
+            }
+        }
+
         parent::__construct($url, $method, $config);
         $this->setHeader('User-Agent', $this->userAgent());
     }
@@ -192,6 +216,15 @@ class HTTPClient extends HTTP_Request2
     protected function doRequest($url, $method, $headers)
     {
         $this->setUrl($url);
+
+        // Workaround for HTTP_Request2 not setting up SNI in socket contexts;
+        // This fixes cert validation for SSL virtual hosts using SNI.
+        // Requires PHP 5.3.2 or later and OpenSSL with SNI support.
+        if ($this->url->getScheme() == 'https' && defined('OPENSSL_TLSEXT_SERVER_NAME')) {
+            $this->config['ssl_SNI_enabled'] = true;
+            $this->config['ssl_SNI_server_name'] = $this->url->getHost();
+        }
+
         $this->setMethod($method);
         if ($headers) {
             foreach ($headers as $header) {