harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use our own CA bundle as authoritative for backend communications. This avoids OS dependent CA validity mismatches.

Browse Source
This commit is contained in:
friendica 2013-02-13 20:09:30 -08:00
parent 8b278db05c
commit b4057cfeb4
4 changed files with 3928 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
boot.php
View File

@ -2141,3 +2141,8 @@ function construct_page(&$a) {
return; return;
} }
function appdirpath() {
return dirname(__FILE__);
}

9
include/network.php
View File

@ -1,6 +1,11 @@
<?php <?php
function get_capath() {
return appdirpath() . '/library/cacert.pem';
}
// curl wrapper. If binary flag is true, return binary // curl wrapper. If binary flag is true, return binary
// results. // results.
@ -14,6 +19,7 @@ function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_
return false; return false;
@curl_setopt($ch, CURLOPT_HEADER, true); @curl_setopt($ch, CURLOPT_HEADER, true);
@curl_setopt($ch, CURLOPT_CAINFO, get_capath());
if (!is_null($accept_content)){ if (!is_null($accept_content)){
curl_setopt($ch,CURLOPT_HTTPHEADER, array ( curl_setopt($ch,CURLOPT_HTTPHEADER, array (
@ -104,6 +110,7 @@ function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0)
return false; return false;
curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_HEADER, true);
@curl_setopt($ch, CURLOPT_CAINFO, get_capath());
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch, CURLOPT_POST,1); curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$params); curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
@ -200,6 +207,7 @@ function z_fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accep
return false; return false;
@curl_setopt($ch, CURLOPT_HEADER, true); @curl_setopt($ch, CURLOPT_HEADER, true);
@curl_setopt($ch, CURLOPT_CAINFO, get_capath());
if (!is_null($accept_content)){ if (!is_null($accept_content)){
curl_setopt($ch,CURLOPT_HTTPHEADER, array ( curl_setopt($ch,CURLOPT_HTTPHEADER, array (
@ -288,6 +296,7 @@ function z_post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0
return ret; return ret;
curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_HEADER, true);
@curl_setopt($ch, CURLOPT_CAINFO, get_capath());
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch, CURLOPT_POST,1); curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$params); curl_setopt($ch, CURLOPT_POSTFIELDS,$params);

23
include/zot.php
View File

@ -150,7 +150,9 @@ function zot_finger($webbie,$channel) {
} }
$rhs = '/.well-known/zot-info'; $rhs = '/.well-known/zot-info';
$https = ((strpos($url,'https://') === 0) ? true : false);
logger('zot_finger: ' . $url, LOGGER_DEBUG);
if($channel) { if($channel) {
$postvars = array( $postvars = array(
@ -161,17 +163,30 @@ function zot_finger($webbie,$channel) {
); );
$result = z_post_url($url . $rhs,$postvars); $result = z_post_url($url . $rhs,$postvars);
if(! $result['success'])
$result = z_post_url('http://' . $host . $rhs,$postvars);
if(! $result['success']) {
if($https) {
logger('zot_finger: https failed. falling back to http');
$result = z_post_url('http://' . $host . $rhs,$postvars);
}
}
} }
else { else {
$rhs .= '?f=&address=' . urlencode($address); $rhs .= '?f=&address=' . urlencode($address);
$result = z_fetch_url($url . $rhs); $result = z_fetch_url($url . $rhs);
if(! $result['success']) if(! $result['success']) {
$result = z_fetch_url('http://' . $host . $rhs); if($https) {
logger('zot_finger: https failed. falling back to http');
$result = z_fetch_url('http://' . $host . $rhs);
}
}
} }
if(! $result['success'])
logger('zot_finger: no results');
return $result; return $result;
} }

3895
library/cacert.pem Normal file
View File

File diff suppressed because it is too large Load Diff