Make SSL checks explicit by default

commit cfb47a61af8f8132fc47cd4c9fae0a339316de2f 1 parent 08aec40
@johnj authored
Showing with 16 additions and 3 deletions.
  1. +2 −2 php_xcom.h
  2. +14 −1 xcom.c
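--- a/php_xcom.h
+++ b/php_xcom.h
@@ -111,7 +111,7 @@ extern zend_module_entry xcom_module_entry;
 #define XCOM_SSLCHECK_NONE 0
 #define XCOM_SSLCHECK_HOST 1
 #define XCOM_SSLCHECK_PEER 2
-#define XCOM_SSLCHECK_BOTH (OAUTH_SSLCHECK_HOST | OAUTH_SSLCHECK_PEER)
+#define XCOM_SSLCHECK_BOTH (XCOM_SSLCHECK_HOST | XCOM_SSLCHECK_PEER)
 /* errors */
 #define XCOM_ERR_BAD_REQUEST 400
@@ -153,7 +153,6 @@ typedef struct {
 smart_str debug_output;
 smart_str headers_in;
 smart_str headers_out;
- uint sslcheck; /* whether we check for SSL verification or not */
 uint debug; /* verbose output */
 long timeout; /* timeout in milliseconds */
 zval *this_ptr;
@@ -173,6 +172,7 @@ typedef struct {
 long response_code;
 int debug;
 int async;
+ int sslchecks;
 } php_xcom_req_t;
 #if (PHP_MAJOR_VERSION >= 6)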
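Review bot: The new `int sslchecks;` member of php_xcom_req_t has no comment, whereas the `sslcheck` member removed from the other struct had one, so the header no longer says that the field holds a mask of the XCOM_SSLCHECK_* values defined above. I would write `int sslchecks; /* bitmask of XCOM_SSLCHECK_* flags applied to the curl handle */`. Because this field decides whether the TLS verification options are set, every path that fills a php_xcom_req_t needs to assign it; only one assignment is visible in this commit, so it is worth confirming that no other path leaves it unset. Both struct definitions start outside the hunks.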
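--- a/xcom.c
+++ b/xcom.c
@@ -142,6 +142,14 @@ static void* php_xcom_send_msg(void *r) /* {{{ */
 curl_easy_setopt(curl, CURLOPT_POSTFIELDS, req->payload);
 curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, strlen(req->payload));
+ if(req->sslchecks & XCOM_SSLCHECK_HOST) {
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 1L);
+ }
+
+ if(req->sslchecks & XCOM_SSLCHECK_PEER) {
+ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
+ }
+
 if(!req->async) {
 curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, php_xcom_read_response);
 curl_easy_setopt(curl, CURLOPT_WRITEDATA, req->xcom);
@@ -345,7 +353,7 @@ int php_xcom_obj_from_avro_msg(zval **obj, char *msg, char *json_schema TSRMLS_D
 static void* php_xcom_send_msg_common(INTERNAL_FUNCTION_PARAMETERS, int async) {
 php_xcom *xcom;
- zval *obj, *data_obj, *debug, *hdrs = NULL, **cur_val;
+ zval *obj, *data_obj, *debug, *hdrs = NULL, **cur_val, *sslchecks;
 char *topic, *json_schema = NULL, *schema_uri;
 size_t topic_len = 0, schema_len = 0, schema_uri_len = 0;
 char *msg = NULL;
@@ -475,6 +483,10 @@ static void* php_xcom_send_msg_common(INTERNAL_FUNCTION_PARAMETERS, int async) {
 req->debug = 0;
+ sslchecks = zend_read_property(xcom_ce, obj, "__sslchecks", sizeof("__sslchecks")-1, 0 TSRMLS_CC);
+
+ req->sslchecks = Z_LVAL_P(sslchecks);
+
 if(async) {
 req->payload = strdup(msg);
 req->debug = debug ? Z_BVAL_P(debug) : 0;
@@ -634,6 +646,7 @@ XCOM_METHOD(__construct) /* {{{ */
 }
 zend_update_property_bool(xcom_ce, obj, "__debug", sizeof("__debug")-1, 0L TSRMLS_CC);
+ zend_update_property_bool(xcom_ce, obj, "__sslchecks", sizeof("__sslchecks")-1, XCOM_SSLCHECK_BOTH TSRMLS_CC);
 return;
 }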
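Review bot: `CURLOPT_SSL_VERIFYHOST` is set to `1L` in the php_xcom_send_msg hunk, but the libcurl value that enforces a certificate-name match against the host is 2; 1 was historically a weaker mode and some libcurl releases reject it with an error, so this line can leave host verification weaker than the library default or not applied at all. It should read `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);`. The constructor hunk stores the mask with `zend_update_property_bool`, which appears to normalise `XCOM_SSLCHECK_BOTH` to 1, so `Z_LVAL_P(sslchecks)` would carry only the HOST bit and the PEER branch would never run; `zend_update_property_long(xcom_ce, obj, "__sslchecks", sizeof("__sslchecks")-1, XCOM_SSLCHECK_BOTH TSRMLS_CC);` keeps both bits. Neither branch sets its option to `0L` when the bit is clear, so `XCOM_SSLCHECK_NONE` leaves libcurl's defaults in place rather than making the choice explicit, and the `curl_easy_setopt` return values are not checked. All three functions continue outside the hunks shown.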