Tim Starling has uploaded a new change for review.
https://gerrit.wikimedia.org/r/51334
Change subject: Preserve caller expectations for behaviour of sslVerifyHost
......................................................................
Preserve caller expectations for behaviour of sslVerifyHost
(bug 42441) The previous patch unnecessarily broke backwards
compatibility in the Http::request() API, following cURL's broken
conventions for sslVerifyHost instead of the boolean interpretation
expected by all existing callers. This change reverts that one, and
fixes the bug in another way. See Ia6535f10.
Also don't bother wrapping the $this->sslVerifyHost access with isset()
since it's always set.
Change-Id: Ia4e1689249b6ac515b859ea2eca1dcff3e63098c
---
M includes/HttpFunctions.php
1 file changed, 4 insertions(+), 19 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/34/51334/1
diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php
index 6a348a6..892e0ed 100644
--- a/includes/HttpFunctions.php
+++ b/includes/HttpFunctions.php
@@ -45,9 +45,7 @@
* Otherwise it will use $wgHTTPProxy (if set)
* Otherwise it will use the environment
variable "http_proxy" (if set)
* - noProxy Don't use any proxy at all. Takes
precedence over proxy value(s).
- * - sslVerifyHost (curl only) Set to 2 to verify hostname
against certificate
- * Setting to 1 (or true) will NOT
verify the host name. It will
- * only check its existence. Setting
to 0 (or false) disables entirely.
+ * - sslVerifyHost (curl only) Verify hostname against
certificate
* - sslVerifyCert (curl only) Verify SSL certificate
* - caInfo (curl only) Provide CA information
* - maxRedirects Maximum number of redirects to follow
(defaults to 5)
@@ -187,15 +185,7 @@
protected $postData = null;
protected $proxy = null;
protected $noProxy = false;
- /**
- * Parameter passed to Curl that specifies whether
- * to validate SSL certificates.
- *
- * Setting to 0 disables entirely. Setting to 1 checks
- * the existence of a CN, but doesn't verify it. Setting
- * to 2 (the default) actually verifies the host.
- */
- protected $sslVerifyHost = 2;
+ protected $sslVerifyHost = true;
protected $sslVerifyCert = true;
protected $caInfo = null;
protected $method = "GET";
@@ -731,13 +721,8 @@
}
$this->curlOptions[CURLOPT_USERAGENT] =
$this->reqHeaders['User-Agent'];
- if ( isset( $this->sslVerifyHost ) ) {
- $this->curlOptions[CURLOPT_SSL_VERIFYHOST] =
$this->sslVerifyHost;
- }
-
- if ( isset( $this->sslVerifyCert ) ) {
- $this->curlOptions[CURLOPT_SSL_VERIFYPEER] =
$this->sslVerifyCert;
- }
+ $this->curlOptions[CURLOPT_SSL_VERIFYHOST] =
$this->sslVerifyHost ? 2 : 0;
+ $this->curlOptions[CURLOPT_SSL_VERIFYPEER] =
$this->sslVerifyCert;
if ( $this->caInfo ) {
$this->curlOptions[CURLOPT_CAINFO] = $this->caInfo;
--
To view, visit https://gerrit.wikimedia.org/r/51334
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia4e1689249b6ac515b859ea2eca1dcff3e63098c
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Tim Starling <tstarl...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
