use our own CA bundle as authoritative for backend communications. This avoids OS-dependent CA validity mismatches.
parent
8b278db05c
commit
b4057cfeb4
5
boot.php
5
boot.php
@ -2141,3 +2141,8 @@ function construct_page(&$a) {
|
|||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function appdirpath() {
|
||||||
|
return dirname(__FILE__);
|
||||||
|
}
|
||||||
|
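Review bot: appdirpath() is added without a comment, and it returns the application root only because boot.php itself lives in that directory. get_capath() builds the CA bundle path on top of it, so moving boot.php would silently point curl at a file that does not exist. A one-line docblock would make the dependency explicit, e.g. `/** Absolute path of the application root (the directory containing boot.php), no trailing slash. */`.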
@ -1,6 +1,11 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
function get_capath() {
|
||||||
|
return appdirpath() . '/library/cacert.pem';
|
||||||
|
}
|
||||||
|
|
||||||
// curl wrapper. If binary flag is true, return binary
|
// curl wrapper. If binary flag is true, return binary
|
||||||
// results.
|
// results.
|
||||||
|
|
||||||
@ -14,6 +19,7 @@ function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_
|
|||||||
return false;
|
return false;
|
||||||
|
|
||||||
@curl_setopt($ch, CURLOPT_HEADER, true);
|
@curl_setopt($ch, CURLOPT_HEADER, true);
|
||||||
|
@curl_setopt($ch, CURLOPT_CAINFO, get_capath());
|
||||||
|
|
||||||
if (!is_null($accept_content)){
|
if (!is_null($accept_content)){
|
||||||
curl_setopt($ch,CURLOPT_HTTPHEADER, array (
|
curl_setopt($ch,CURLOPT_HTTPHEADER, array (
|
||||||
@ -104,6 +110,7 @@ function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0)
|
|||||||
return false;
|
return false;
|
||||||
|
|
||||||
curl_setopt($ch, CURLOPT_HEADER, true);
|
curl_setopt($ch, CURLOPT_HEADER, true);
|
||||||
|
@curl_setopt($ch, CURLOPT_CAINFO, get_capath());
|
||||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
|
||||||
curl_setopt($ch, CURLOPT_POST,1);
|
curl_setopt($ch, CURLOPT_POST,1);
|
||||||
curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
|
curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
|
||||||
@ -200,6 +207,7 @@ function z_fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accep
|
|||||||
return false;
|
return false;
|
||||||
|
|
||||||
@curl_setopt($ch, CURLOPT_HEADER, true);
|
@curl_setopt($ch, CURLOPT_HEADER, true);
|
||||||
|
@curl_setopt($ch, CURLOPT_CAINFO, get_capath());
|
||||||
|
|
||||||
if (!is_null($accept_content)){
|
if (!is_null($accept_content)){
|
||||||
curl_setopt($ch,CURLOPT_HTTPHEADER, array (
|
curl_setopt($ch,CURLOPT_HTTPHEADER, array (
|
||||||
@ -288,6 +296,7 @@ function z_post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0
|
|||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
curl_setopt($ch, CURLOPT_HEADER, true);
|
curl_setopt($ch, CURLOPT_HEADER, true);
|
||||||
|
@curl_setopt($ch, CURLOPT_CAINFO, get_capath());
|
||||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
|
||||||
curl_setopt($ch, CURLOPT_POST,1);
|
curl_setopt($ch, CURLOPT_POST,1);
|
||||||
curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
|
curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
|
||||||
|
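Review bot: All four added `@curl_setopt($ch, CURLOPT_CAINFO, get_capath());` calls (in fetch_url, post_url, z_fetch_url and z_post_url) suppress errors and never check that the bundle exists, so a missing or unreadable `library/cacert.pem` only surfaces later as an unexplained transfer failure. get_capath() could verify the file once and log, e.g. `if (! is_readable($path)) logger('get_capath: CA bundle not readable: ' . $path);`, and the `@` could be dropped on these lines. The bundle is only consulted when peer verification is enabled; the hunks do not show whether these functions set CURLOPT_SSL_VERIFYPEER, so that is worth confirming. A bundle shipped in the repository also stops tracking root removals made by the OS vendor, so it needs an owner and a refresh procedure. The bodies of all four functions continue outside the hunks.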
@ -150,7 +150,9 @@ function zot_finger($webbie,$channel) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$rhs = '/.well-known/zot-info';
|
$rhs = '/.well-known/zot-info';
|
||||||
|
$https = ((strpos($url,'https://') === 0) ? true : false);
|
||||||
|
|
||||||
|
logger('zot_finger: ' . $url, LOGGER_DEBUG);
|
||||||
|
|
||||||
if($channel) {
|
if($channel) {
|
||||||
$postvars = array(
|
$postvars = array(
|
||||||
@ -161,17 +163,30 @@ function zot_finger($webbie,$channel) {
|
|||||||
);
|
);
|
||||||
|
|
||||||
$result = z_post_url($url . $rhs,$postvars);
|
$result = z_post_url($url . $rhs,$postvars);
|
||||||
if(! $result['success'])
|
|
||||||
$result = z_post_url('http://' . $host . $rhs,$postvars);
|
|
||||||
|
if(! $result['success']) {
|
||||||
|
if($https) {
|
||||||
|
logger('zot_finger: https failed. falling back to http');
|
||||||
|
$result = z_post_url('http://' . $host . $rhs,$postvars);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$rhs .= '?f=&address=' . urlencode($address);
|
$rhs .= '?f=&address=' . urlencode($address);
|
||||||
|
|
||||||
$result = z_fetch_url($url . $rhs);
|
$result = z_fetch_url($url . $rhs);
|
||||||
if(! $result['success'])
|
if(! $result['success']) {
|
||||||
$result = z_fetch_url('http://' . $host . $rhs);
|
if($https) {
|
||||||
|
logger('zot_finger: https failed. falling back to http');
|
||||||
|
$result = z_fetch_url('http://' . $host . $rhs);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(! $result['success'])
|
||||||
|
logger('zot_finger: no results');
|
||||||
|
|
||||||
return $result;
|
return $result;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
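Review bot: The http fallback in both branches of zot_finger still fires on any https failure, which presumably includes the certificate verification errors that the pinned CA bundle is meant to produce, so a broken TLS handshake moves the zot-info lookup to plain http where the response is unauthenticated. The new `if($https)` guard and log line make the downgrade visible but do not prevent it. Consider falling back only when the failure is not a TLS or certificate error (the shape of `$result` beyond `success` is not visible here), or making the fallback opt-in. At minimum, add a comment at both fallback sites such as `// SECURITY: http fallback bypasses certificate validation; treat the result as unauthenticated`. `$url`, `$host` and `$address` are set outside the hunks, and the function starts before the first hunk.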
3895
library/cacert.pem
Normal file
3895
library/cacert.pem
Normal file
File diff suppressed because it is too large