
Added the following patch from the dev@openidenabled.com mailing list:

http://lists.openidenabled.com/pipermail/dev/attachments/20090928/2d616914/attachment.bin

Original Message:
anthony.lenton at canonical.com anthony.lenton at canonical.com
Mon Sep 28 11:30:12 PDT 2009
darcs patch: cURL verify host

	"With this patch, if you define Auth_Openid_VERIFY_HOST cURL will enable host verification on ssl connections, for added security."

This patch was in the form of a Darcs patch, not a normal patch.  To solve this, I applied it to the Darcs repository found on openidenabled, then created a new diff file between the original Darcs repo and the new one (with the patch applied) so that I could apply it to this git repo.

All hunks were applied successfully.
commit a98cbcab135e9867bb3aea5d8e112cb7f7b52560 1 parent a6b4f08
Lilli authored

Showing 1 changed file with 20 additions and 0 deletions. Show diff stats Hide diff stats

  1. +20 0 Auth/Yadis/ParanoidHTTPFetcher.php
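--- a/Auth/Yadis/ParanoidHTTPFetcher.php
+++ b/Auth/Yadis/ParanoidHTTPFetcher.php
@@ -128,6 +128,10 @@ function get($url, $extra_headers = null)
 curl_setopt($c, CURLOPT_TIMEOUT, $off);
 curl_setopt($c, CURLOPT_URL, $url);
 
+if (defined('Auth_OpenID_VERIFY_HOST')) {
+curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+}
 curl_exec($c);
 
 $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
@@ -148,6 +152,11 @@ function get($url, $extra_headers = null)
 $redir = false;
 curl_close($c);
 
+if (defined('Auth_OpenID_VERIFY_HOST') &&
+$this->isHTTPS($url)) {
+Auth_OpenID::log('OpenID: Verified SSL host %s using '.
+'curl/get', $url);
+}
 $new_headers = array();
 
 foreach ($headers as $header) {
@@ -192,15 +201,26 @@ function post($url, $body, $extra_headers = null)
 curl_setopt($c, CURLOPT_WRITEFUNCTION,
 array($this, "_writeData"));
 
+if (defined('Auth_OpenID_VERIFY_HOST')) {
+curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+}
+
 curl_exec($c);
 
 $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
 
 if (!$code) {
 Auth_OpenID::log("Got no response code when fetching %s", $url);
+Auth_OpenID::log("CURL error (%s): %s",
+curl_errno($c), curl_error($c));
 return null;
 }
 
+if (defined('Auth_OpenID_VERIFY_HOST') && $this->isHTTPS($url)) {
+Auth_OpenID::log('OpenID: Verified SSL host %s using '.
+'curl/post', $url);
+}
 $body = $this->data;
 
 curl_close($c);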
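Review bot: Peer and host verification in get() (new lines 131-134) and post() (204-207) is switched on only when `Auth_OpenID_VERIFY_HOST` is defined, so a missing or misspelled constant leaves whatever TLS settings the rest of each function applies, and nothing in the log shows it. The commit message itself quotes the name as `Auth_Openid_VERIFY_HOST`, which PHP treats as a different constant by default. I would record the unverified case with an `else` branch such as `} else if ($this->isHTTPS($url)) { Auth_OpenID::log('OpenID: SSL host verification is not enabled for %s', $url); }`, or make verification the default with an explicit opt-out. The "Verified SSL host" message in get() (155-159) is driven by the constant and the URL scheme rather than by the cURL result, and the lines between `curl_exec` and that message are not all visible here, so it is worth confirming that a failed handshake returns before reaching it, as the `!$code` check does in post(). Both functions begin and end outside these hunks.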

0 comments on commit a98cbca
