From 4901c2257da9ef0b3ff413692e99189e7663265b Mon Sep 17 00:00:00 2001
From: Andrew Garrett
Date: Sun, 25 Apr 2010 23:10:53 +0000
Subject: [PATCH] As well as fixing the broken implementation of sslVerifyHost, correct its documentation and implement a new option, sslVerifyCert, to do what the documentation said that sslVerifyHost did. Note that CURLOPT_SSL_VERIFYHOST controls *only* the verification of hostname against the hostname on the certificate.
---
 includes/HttpFunctions.php | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php
index 134e244c70..b9b1cf99a0 100644
--- a/includes/HttpFunctions.php
+++ b/includes/HttpFunctions.php
@@ -15,15 +15,17 @@ class Http {
 * @param $method string HTTP method. Usually GET/POST
 * @param $url string Full URL to act on
 * @param $options options to pass to HttpRequest object
- * Possible keys for the array:
- * timeout Timeout length in seconds
- * postData An array of key-value pairs or a url-encoded form data
- * proxy The proxy to use. Will use $wgHTTPProxy (if set) otherwise.
- * noProxy Override $wgHTTPProxy (if set) and don't use any proxy at all.
- * sslVerifyHost (curl only) Verify the SSL certificate
- * caInfo (curl only) Provide CA information
- * maxRedirects Maximum number of redirects to follow (defaults to 5)
- * followRedirects Whether to follow redirects (defaults to true)
+ * Possible keys for the array:
+ * timeout Timeout length in seconds
+ * postData An array of key-value pairs or a url-encoded form data
+ * proxy The proxy to use.
+ * Will use $wgHTTPProxy (if set) otherwise.
+ * noProxy Override $wgHTTPProxy (if set) and don't use any proxy at all.
+ * sslVerifyHost (curl only) Verify hostname against certificate
+ * sslVerifyCert (curl only) Verify SSL certificate
+ * caInfo (curl only) Provide CA information
+ * maxRedirects Maximum number of redirects to follow (defaults to 5)
+ * followRedirects Whether to follow redirects (defaults to true)
 * @returns mixed (bool)false on failure or a string on success
 */
 public static function request( $method, $url, $options = array() ) {
@@ -128,6 +130,7 @@ class HttpRequest {
 protected $proxy = null;
 protected $noProxy = false;
 protected $sslVerifyHost = true;
+ protected $sslVerifyCert = true;
 protected $caInfo = null;
 protected $method = "GET";
 protected $reqHeaders = array();
@@ -169,7 +172,7 @@ class HttpRequest {
 }
 $members = array( "postData", "proxy", "noProxy", "sslVerifyHost", "caInfo",
- "method", "followRedirects", "maxRedirects" );
+ "method", "followRedirects", "maxRedirects", "sslVerifyCert" );
 foreach ( $members as $o ) {
 if ( isset($options[$o]) ) {
 $this->$o = $options[$o];
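Review bot: The rewritten option list in the Http::request() docblock (first hunk) separates sslVerifyHost from sslVerifyCert but does not say that both default to true, nor how they depend on each other. A hostname match against a certificate whose chain was never validated proves nothing about the peer, so a caller who passes only `sslVerifyCert => false` has effectively switched off server authentication even with sslVerifyHost left on. I would document that on the new line, e.g. `sslVerifyCert (curl only) Verify the certificate chain against the CA store (default true); sslVerifyHost is only meaningful while this is enabled`. The docblock starts above the hunk, so the surrounding wording is not visible here.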
@@ -738,6 +741,10 @@ class CurlHttpRequest extends HttpRequest {
 if ( isset( $this->sslVerifyHost ) ) {
 $this->curlOptions[CURLOPT_SSL_VERIFYHOST] = $this->sslVerifyHost;
 }
+
+ if ( isset( $this->sslVerifyCert ) ) {
+ $this->curlOptions[CURLOPT_SSL_VERIFYPEER] = $this->sslVerifyCert;
+ }
 if ( $this->caInfo ) {
 $this->curlOptions[CURLOPT_CAINFO] = $this->caInfo;
-- 
2.20.1
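Review bot: The context line just above the added block still writes the boolean sslVerifyHost straight into CURLOPT_SSL_VERIFYHOST, so the hostname check that the new docblock promises is not guaranteed to happen. libcurl reads that option as an integer in which only 2 means "the certificate name must match the requested host"; `true` arrives as 1, which, depending on the PHP/libcurl version, is a weaker existence-only check or is rejected outright. Mapping the flag explicitly would make the default do what the documentation says: `$this->curlOptions[CURLOPT_SSL_VERIFYHOST] = $this->sslVerifyHost ? 2 : 0;`. The enclosing method begins and ends outside this hunk, so any normalisation done elsewhere is not visible here.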