As well as fixing the broken implementation of sslVerifyHost, correct its documentati...

Note that CURLOPT_SSL_VERIFYHOST controls *only* the verification of hostname against the hostname on the certificate.

diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php
index 134e244..b9b1cf9 100644 (file)
--- a/includes/HttpFunctions.php
+++ b/includes/HttpFunctions.php
@@ -15,15 +15,17 @@ class Http {
         * @param $method string HTTP method. Usually GET/POST
         * @param $url string Full URL to act on
         * @param $options options to pass to HttpRequest object
-        *                               Possible keys for the array:
-        *                                      timeout                   Timeout length in seconds
-        *                                      postData                  An array of key-value pairs or a url-encoded form data
-        *                                      proxy                     The proxy to use.      Will use $wgHTTPProxy (if set) otherwise.
-        *                                      noProxy                   Override $wgHTTPProxy (if set) and don't use any proxy at all.
-        *                                      sslVerifyHost     (curl only) Verify the SSL certificate
-        *                                      caInfo                    (curl only) Provide CA information
-        *                                      maxRedirects      Maximum number of redirects to follow (defaults to 5)
-        *                                      followRedirects   Whether to follow redirects (defaults to true)
+        *      Possible keys for the array:
+        *              timeout                         Timeout length in seconds
+        *              postData                        An array of key-value pairs or a url-encoded form data
+        *              proxy                           The proxy to use.
+        *                                              Will use $wgHTTPProxy (if set) otherwise.
+        *              noProxy                         Override $wgHTTPProxy (if set) and don't use any proxy at all.
+        *              sslVerifyHost   (curl only)     Verify hostname against certificate
+        *              sslVerifyCert   (curl only)     Verify SSL certificate
+        *              caInfo          (curl only)     Provide CA information
+        *              maxRedirects                    Maximum number of redirects to follow (defaults to 5)
+        *              followRedirects   Whether to follow redirects (defaults to true)
         * @returns mixed (bool)false on failure or a string on success
         */
        public static function request( $method, $url, $options = array() ) {
@@ -128,6 +130,7 @@ class HttpRequest {
        protected $proxy = null;
        protected $noProxy = false;
        protected $sslVerifyHost = true;
+       protected $sslVerifyCert = true;
        protected $caInfo = null;
        protected $method = "GET";
        protected $reqHeaders = array();
@@ -169,7 +172,7 @@ class HttpRequest {
                }
 
                $members = array( "postData", "proxy", "noProxy", "sslVerifyHost", "caInfo",
-                                                 "method", "followRedirects", "maxRedirects" );
+                                 "method", "followRedirects", "maxRedirects", "sslVerifyCert" );
                foreach ( $members as $o ) {
                        if ( isset($options[$o]) ) {
                                $this->$o = $options[$o];
@@ -738,6 +741,10 @@ class CurlHttpRequest extends HttpRequest {
                if ( isset( $this->sslVerifyHost ) ) {
                        $this->curlOptions[CURLOPT_SSL_VERIFYHOST] = $this->sslVerifyHost;
                }
+               
+               if ( isset( $this->sslVerifyCert ) ) {
+                       $this->curlOptions[CURLOPT_SSL_VERIFYPEER] = $this->sslVerifyCert;
+               }
 
                if ( $this->caInfo ) {
                        $this->curlOptions[CURLOPT_CAINFO] = $this->caInfo;