use our own CA bundle as authoritative for backend communications. This avoids OS dependent CA validity mismatches.
This commit is contained in:
friendica
parent
8b278db05c
commit
b4057cfeb4
5
boot.php
5
boot.php
@ -2141,3 +2141,8 @@ function construct_page(&$a) {
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
function appdirpath() {
|
||||
return dirname(__FILE__);
|
||||
}
|
||||
|
||||
@ -1,6 +1,11 @@
|
||||
<?php
|
||||
|
||||
|
||||
|
||||
function get_capath() {
|
||||
return appdirpath() . '/library/cacert.pem';
|
||||
}
|
||||
|
||||
// curl wrapper. If binary flag is true, return binary
|
||||
// results.
|
||||
|
||||
@ -14,6 +19,7 @@ function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_
|
||||
return false;
|
||||
|
||||
@curl_setopt($ch, CURLOPT_HEADER, true);
|
||||
@curl_setopt($ch, CURLOPT_CAINFO, get_capath());
|
||||
|
||||
if (!is_null($accept_content)){
|
||||
curl_setopt($ch,CURLOPT_HTTPHEADER, array (
|
||||
@ -104,6 +110,7 @@ function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0)
|
||||
return false;
|
||||
|
||||
curl_setopt($ch, CURLOPT_HEADER, true);
|
||||
@curl_setopt($ch, CURLOPT_CAINFO, get_capath());
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
|
||||
curl_setopt($ch, CURLOPT_POST,1);
|
||||
curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
|
||||
@ -200,6 +207,7 @@ function z_fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accep
|
||||
return false;
|
||||
|
||||
@curl_setopt($ch, CURLOPT_HEADER, true);
|
||||
@curl_setopt($ch, CURLOPT_CAINFO, get_capath());
|
||||
|
||||
if (!is_null($accept_content)){
|
||||
curl_setopt($ch,CURLOPT_HTTPHEADER, array (
|
||||
@ -288,6 +296,7 @@ function z_post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0
|
||||
return ret;
|
||||
|
||||
curl_setopt($ch, CURLOPT_HEADER, true);
|
||||
@curl_setopt($ch, CURLOPT_CAINFO, get_capath());
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
|
||||
curl_setopt($ch, CURLOPT_POST,1);
|
||||
curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
|
||||
|
||||
@ -150,7 +150,9 @@ function zot_finger($webbie,$channel) {
|
||||
}
|
||||
|
||||
$rhs = '/.well-known/zot-info';
|
||||
$https = ((strpos($url,'https://') === 0) ? true : false);
|
||||
|
||||
logger('zot_finger: ' . $url, LOGGER_DEBUG);
|
||||
|
||||
if($channel) {
|
||||
$postvars = array(
|
||||
@ -161,17 +163,30 @@ function zot_finger($webbie,$channel) {
|
||||
);
|
||||
|
||||
$result = z_post_url($url . $rhs,$postvars);
|
||||
if(! $result['success'])
|
||||
$result = z_post_url('http://' . $host . $rhs,$postvars);
|
||||
|
||||
|
||||
if(! $result['success']) {
|
||||
if($https) {
|
||||
logger('zot_finger: https failed. falling back to http');
|
||||
$result = z_post_url('http://' . $host . $rhs,$postvars);
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
$rhs .= '?f=&address=' . urlencode($address);
|
||||
|
||||
$result = z_fetch_url($url . $rhs);
|
||||
if(! $result['success'])
|
||||
$result = z_fetch_url('http://' . $host . $rhs);
|
||||
if(! $result['success']) {
|
||||
if($https) {
|
||||
logger('zot_finger: https failed. falling back to http');
|
||||
$result = z_fetch_url('http://' . $host . $rhs);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(! $result['success'])
|
||||
logger('zot_finger: no results');
|
||||
|
||||
return $result;
|
||||
|
||||
}
|
||||
|
||||
3895
library/cacert.pem
Normal file
3895
library/cacert.pem
Normal file
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user