Permalink
Browse files

Adding an MD5 check to the cacert.pem file when using the phar

  • Loading branch information...
1 parent 176d928 commit b99fe0cac83e2148f36a3d66926fc5741d433f6b @mtdowling mtdowling committed Apr 3, 2013
Showing with 11 additions and 6 deletions.
  1. +2 −0 phing/imports/deploy.xml
  2. +8 −6 src/Guzzle/Http/Client.php
  3. +1 −0 src/Guzzle/Http/Resources/cacert.md5
View
@@ -130,6 +130,8 @@
signature="md5">
<fileset dir="${project.basedir}/.subsplit">
<include name="src/**/*.php" />
+ <include name="src/**/*.pem" />
+ <include name="src/**/*.md5" />
<include name="vendor/symfony/class-loader/Symfony/Component/ClassLoader/UniversalClassLoader.php" />
<include name="vendor/symfony/event-dispatcher/**/*.php" />
<include name="vendor/doctrine/common/lib/Doctrine/Common/Cache/*.php" />
View
@@ -484,14 +484,16 @@ protected function prepareRequest(RequestInterface $request)
*/
protected function preparePharCacert()
{
- $certFile = sys_get_temp_dir() . '/cacert.pem';
+ $from = 'phar://guzzle.phar/src/Guzzle/Http/Resources/cacert.pem';
+ $certFile = sys_get_temp_dir() . '/guzzle-cacert.pem';
if (file_exists($certFile)) {
- if (!copy('phar://guzzle.phar/src/Guzzle/Http/Resources/cacert.pem', $certFile)) {
- throw new RuntimeException(
- 'Could not copy phar://guzzle.phar/src/Guzzle/Http/Resources/cacert.pem to '
- . $certFile
- );
+ $actualMd5 = md5_file($certFile);
+ $expectedMd5 = trim(file_get_contents('phar://guzzle.phar/src/Guzzle/Http/Resources/cacert.md5'));
+ if ($actualMd5 != $expectedMd5) {
+ throw new RuntimeException("{$certFile} MD5 mismatch: expected {$expectedMd5} but got {$actualMd5}");
}
+ } elseif (!copy($from, $certFile)) {
+ throw new RuntimeException("Could not copy {$from} to {$certFile}");
}
return $certFile;
@@ -0,0 +1 @@
+47961e7ef15667c93cd99be01b51f00a

0 comments on commit b99fe0c

Please sign in to comment.