jenkins-bot has submitted this change and it was merged.

Change subject: Added SSL verification to PHPHttpRequest.
......................................................................


Added SSL verification to PHPHttpRequest.

PHP's stream context options support SSL server verification as well as CN
matching and provision of CA info.
Added options to the stream context so that the $sslVerifyHost, $sslVerifyCert,
and $caInfo parameters now work in non-CURL environments.

Change-Id: Iab2bda1ebcf20b625b019c91ae6352b5405dcc01
---
M includes/HttpFunctions.php
1 file changed, 20 insertions(+), 4 deletions(-)

Approvals:
  Demon: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php
index 1c9ad38..a6ef99a 100644
--- a/includes/HttpFunctions.php
+++ b/includes/HttpFunctions.php
@@ -46,9 +46,9 @@
         *                          Otherwise it will use $wgHTTPProxy (if set)
         *                          Otherwise it will use the environment 
variable "http_proxy" (if set)
         *    - noProxy             Don't use any proxy at all. Takes 
precedence over proxy value(s).
-        *    - sslVerifyHost       (curl only) Verify hostname against 
certificate
-        *    - sslVerifyCert       (curl only) Verify SSL certificate
-        *    - caInfo              (curl only) Provide CA information
+        *    - sslVerifyHost       Verify hostname against certificate
+        *    - sslVerifyCert       Verify SSL certificate
+        *    - caInfo              Provide CA information
         *    - maxRedirects        Maximum number of redirects to follow 
(defaults to 5)
         *    - followRedirects     Whether to follow redirects (defaults to 
false).
         *                                  Note: this should only be used when 
the target URL is trusted,
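Review bot: The sslVerifyHost, sslVerifyCert and caInfo entries in this doc comment drop the "(curl only)" qualifier but still do not say what values they take. The request code in the second hunk accepts caInfo as either a directory or a file and throws MWException for anything else, so state that here (for example "caInfo: path to a CA bundle file or to a directory of CA certificates"), and say that the two verify options are booleans and what their defaults are.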
@@ -885,7 +885,23 @@
 
                $options['timeout'] = $this->timeout;
 
-               $context = stream_context_create( array( 'http' => $options ) );
+               if ( $this->sslVerifyHost ) {
+                       $options['CN_match'] = $this->parsedUrl['host'];
+               }
+               if ( $this->sslVerifyCert ) {
+                       $options['verify_peer'] = true;
+               }
+
+               if ( is_dir( $this->caInfo ) ) {
+                       $options['capath'] = $this->caInfo;
+               } elseif ( is_file( $this->caInfo ) ) {
+                       $options['cafile'] = $this->caInfo;
+               } elseif ( $this->caInfo ) {
+                       throw new MWException( "Invalid CA info passed: 
{$this->caInfo}" );
+               }
+
+               $scheme = $this->parsedUrl['scheme'];
+               $context = stream_context_create( array( "$scheme" => $options 
) );
 
                $this->headerList = array();
                $reqCount = 0;
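Review bot: In the stream_context_create() call at the end of this hunk, the TLS options and the HTTP options are merged into one array and filed under "$scheme". PHP reads CN_match, verify_peer, capath and cafile from the 'ssl' context key, and reads the HTTP options (including the timeout set just above) from 'http' for both http:// and https:// URLs, so for an https URL neither key is populated and verification is not switched on. Collect the TLS settings in a separate array (say $sslOptions) and pass array( 'http' => $options, 'ssl' => $sslOptions ). Also, verify_peer is only ever set to true; set it to false explicitly when $this->sslVerifyCert is off, otherwise the behaviour depends on PHP's default.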

-- 
To view, visit https://gerrit.wikimedia.org/r/54584
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Iab2bda1ebcf20b625b019c91ae6352b5405dcc01
Gerrit-PatchSet: 4
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Parent5446 <[email protected]>
Gerrit-Reviewer: Demon <[email protected]>
Gerrit-Reviewer: Tim Starling <[email protected]>
Gerrit-Reviewer: jenkins-bot

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
