From: Tyler Anthony Romeo Date: Thu, 25 Oct 2012 17:08:28 +0000 (-0400) Subject: Made SSL validation in Curl HTTP requests the default. X-Git-Tag: 1.31.0-rc.0~21627^2 X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/categories/modifier.php?a=commitdiff_plain;h=5c8d6fa60f521073136012f67e66bdb72010e720;p=lhc%2Fweb%2Fwiklou.git Made SSL validation in Curl HTTP requests the default. Changed the default value for CURLOPT_SSL_VERIFYHOST to 2 rather than true. This makes sure that hostname validation occurs. Change-Id: Ia6535f1090627ef2def360bda37c22bff10c7f31 --- diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php index 32f77dcfab..dbd4142885 100644 --- a/includes/HttpFunctions.php +++ b/includes/HttpFunctions.php @@ -45,7 +45,9 @@ class Http { * Otherwise it will use $wgHTTPProxy (if set) * Otherwise it will use the environment variable "http_proxy" (if set) * - noProxy Don't use any proxy at all. Takes precedence over proxy value(s). - * - sslVerifyHost (curl only) Verify hostname against certificate + * - sslVerifyHost (curl only) Set to 2 to verify hostname against certificate + * Setting to 1 (or true) will NOT verify the host name. It will + * only check its existence. Setting to 0 (or false) disables entirely. * - sslVerifyCert (curl only) Verify SSL certificate * - caInfo (curl only) Provide CA information * - maxRedirects Maximum number of redirects to follow (defaults to 5) @@ -185,7 +187,15 @@ class MWHttpRequest { protected $postData = null; protected $proxy = null; protected $noProxy = false; - protected $sslVerifyHost = true; + /** + * Parameter passed to Curl that specifies whether + * to validate SSL certificates. + * + * Setting to 0 disables entirely. Setting to 1 checks + * the existence of a CN, but doesn't verify it. Setting + * to 2 (the default) actually verifies the host. + */ + protected $sslVerifyHost = 2; protected $sslVerifyCert = true; protected $caInfo = null; protected $method = "GET";