Use Mozilla's CA bundle by default for SSL requests, and allow SSL co…

…nfiguration flexibility PSR-2 fixes
commit 3f005bfc983b7e6d38f00b26cbfd759b2b220b33 1 parent 71fac84
@claylo claylo authored mtdowling committed
Showing with 3,924 additions and 7 deletions.
  1. +51 −7 Client.php
  2. +24 −0 ClientInterface.php
  3. +3,849 −0 Resources/cacert.pem
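--- a/Client.php
+++ b/Client.php
@@ -70,6 +70,7 @@ public static function getAllEvents()
 public function __construct($baseUrl = '', $config = null)
 {
 $this->setConfig($config ?: new Collection());
+ $this->setSslVerification();
 $this->setBaseUrl($baseUrl);
 $this->defaultHeaders = new Collection();
 $this->setRequestFactory(RequestFactory::getInstance());
@@ -105,6 +106,43 @@ public function __construct($baseUrl = '', $config = null)
 /**
 * {@inheritdoc}
 */
+ final public function setSslVerification($certificateAuthority = true, $verifyPeer = true, $verifyHost = 2)
+ {
+ $opts = $this->config->get(self::CURL_OPTIONS) ?: array();
+
+ if ($certificateAuthority === true) {
+ // use bundled CA bundle, set secure defaults
+ $opts[CURLOPT_CAINFO] = __DIR__ . '/Resources/cacert.pem';
+ $opts[CURLOPT_SSL_VERIFYPEER] = true;
+ $opts[CURLOPT_SSL_VERIFYHOST] = 2;
+ } elseif ($certificateAuthority === false) {
+ unset($opts[CURLOPT_CAINFO]);
+ $opts[CURLOPT_SSL_VERIFYPEER] = false;
+ $opts[CURLOPT_SSL_VERIFYHOST] = 1;
+ } elseif ($verifyPeer !== true && $verifyPeer !== false && $verifyPeer !== 1 && $verifyPeer !== 0) {
+ throw new InvalidArgumentException('verifyPeer must be 1, 0 or boolean');
+ } elseif ($verifyHost !== 0 && $verifyHost !== 1 && $verifyHost !== 2) {
+ throw new InvalidArgumentException('verifyHost must be 0, 1 or 2');
+ } else {
+ $opts[CURLOPT_SSL_VERIFYPEER] = $verifyPeer;
+ $opts[CURLOPT_SSL_VERIFYHOST] = $verifyHost;
+ if (is_file($certificateAuthority)) {
+ unset($opts[CURLOPT_CAPATH]);
+ $opts[CURLOPT_CAINFO] = $certificateAuthority;
+ } elseif (is_dir($certificateAuthority)) {
+ unset($opts[CURLOPT_CAINFO]);
+ $opts[CURLOPT_CAPATH] = $certificateAuthority;
+ }
+ }
+
+ $this->config->set(self::CURL_OPTIONS, $opts);
+
+ return $this;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
 public function getDefaultHeaders()
 {
 return $this->defaultHeaders;
@@ -315,9 +353,12 @@ public function send($requests)
 if (!$multipleRequests) {
 return end($requests)->getResponse();
 } else {
- return array_map(function($request) {
- return $request->getResponse();
- }, $requests);
+ return array_map(
+ function ($request) {
+ return $request->getResponse();
+ },
+ $requests
+ );
 }
 }
@@ -377,10 +418,13 @@ protected function prepareRequest(RequestInterface $request)
 // Attach client observers to the request
 $request->setEventDispatcher(clone $this->getEventDispatcher());
- $this->dispatch('client.create_request', array(
- 'client' => $this,
- 'request' => $request
- ));
+ $this->dispatch(
+ 'client.create_request',
+ array(
+ 'client' => $this,
+ 'request' => $request
+ )
+ );
 return $request;
 }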
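Review bot: In the final `else` branch of `setSslVerification()`, a `$certificateAuthority` value that is neither an existing file nor a directory falls through both `is_file()` and `is_dir()` without an error, so the call succeeds while `CURLOPT_CAINFO` keeps whatever was set before; after the constructor's default call that is the bundled `cacert.pem`. A caller who meant to restrict trust to a private CA and mistyped the path would therefore trust the whole bundle without any signal; close the inner chain with `} else { throw new InvalidArgumentException('certificateAuthority must be a boolean or an existing file or directory'); }`. Separately, the `false` branch sets `CURLOPT_SSL_VERIFYHOST` to `1`, which is not the "off" value and which newer libcurl releases reject or treat as `2`; `0` matches the documented intent of disabling host verification, and the `$verifyHost` check should probably stop accepting `1` for the same reason.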
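--- a/ClientInterface.php
+++ b/ClientInterface.php
@@ -37,6 +37,30 @@ public function setConfig($config);
 public function getConfig($key = false);
 /**
+ * Set SSL verification options.
+ *
+ * Setting $certificateAuthority to TRUE will result in the bundled
+ * cacert.pem being used to verify against the remote host.
+ *
+ * Alternate certificates to verify against can be specified with the
+ * $certificateAuthority option set to a certificate file location to be
+ * used with CURLOPT_CAINFO, or a certificate directory path to be used
+ * with the CURLOPT_CAPATH option.
+ *
+ * Setting $certificateAuthority to FALSE will turn off peer verification,
+ * unset the bundled cacert.pem, and disable host verification. Please
+ * don't do this unless you really know what you're doing, and why
+ * you're doing it.
+ *
+ * @param string|bool $certificateAuthority bool, file path, or directory path
+ * @param bool $verifyPeer FALSE to stop cURL from verifying the peer's certificate.
+ * @param int $verifyHost Set the cURL handle's CURLOPT_SSL_VERIFYHOST option
+ *
+ * @return ClientInterface
+ */
+ public function setSslVerification($certificateAuthority = true, $verifyPeer = true, $verifyHost = 2);
+
+ /**
 * Get the default HTTP headers to add to each request created by the client
 *
 * @return Collection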
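Review bot: The docblock for `setSslVerification()` does not say that `$verifyPeer` and `$verifyHost` only take effect when `$certificateAuthority` is a path; in the Client.php implementation on this page, passing `true` or `false` overrides both arguments. It also leaves out the exceptions that implementation throws, so add `@throws InvalidArgumentException if $verifyPeer or $verifyHost has an unsupported value` and a sentence such as `$verifyPeer and $verifyHost are ignored when $certificateAuthority is a boolean.` The `@param int $verifyHost` line would be more useful if it listed the accepted values (0, 1 or 2 per the implementation's check) and stated that 2 is the value that verifies the host name.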
3,849 Resources/cacert.pem
3,849 additions, 0 deletions not shown