harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

setup: check for open https port with an invalid cert, even if configured to use http. Also a bit more word-smithing on the resultant error text but it's still not perfect.

Browse Source
This commit is contained in:
friendica 2014-05-06 17:32:22 -07:00
parent abf0dd5ecf
commit cc68e06dee
2 changed files with 28 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
mod/setup.php
View File

@ -545,23 +545,37 @@ function check_htaccess(&$checks) {
$a = get_app(); $a = get_app();
$status = true; $status = true;
$help = ""; $help = "";
$ssl_error = false;
$url = $a->get_baseurl() . '/test/rewrite';
if (function_exists('curl_init')){ if (function_exists('curl_init')){
$test = z_fetch_url($a->get_baseurl()."/setup/testrewrite"); $test = z_fetch_url($url);
if(! $test['success']) { if(! $test['success']) {
if(strstr($a->get_baseurl(),'https://')) { if(strstr($url,'https://')) {
$test = z_fetch_url($a->get_baseurl() . "/setup/testrewrite",false,0,array('novalidate' => true)); $test = z_fetch_url($url,false,0,array('novalidate' => true));
if($test['success']) { if($test['success']) {
$ssl_error = true;
}
}
else {
$test = z_fetch_url(str_replace('http://','https://',$url),false,0,array('novalidate' => true));
if($test['success']) {
$ssl_error = true;
}
}
if($ssl_error) {
$help = t('SSL certificate cannot be validated. Fix certificate or disable https access to this site.') . EOL; $help = t('SSL certificate cannot be validated. Fix certificate or disable https access to this site.') . EOL;
$help .= t('If you use https access, you MUST use a certification instance known by all internet browsers. You MUST NOT use self-signed certificates!') . EOL; $help .= t('If you have https access to your website or allow connections to TCP port 443 (the https: port), you MUST use a browser-valid certificate. You MUST NOT use self-signed certificates!') . EOL;
$help .= t('This restriction is incorporated because public posts from you may for example contain references to images on your own hub. If your') . EOL; $help .= t('This restriction is incorporated because public posts from you may for example contain references to images on your own hub.') . EOL;
$help .= t('certificate is not known by the internet browser of users they get a warning message complaining about some security issues. Although') . EOL; $help .= t('If your certificate is not recognised, members of other sites (who may themselves have valid certificates) will get a warning message on their own site complaining about security issues.') . EOL;
$help .= t('these complains are not the real truth - there are no security issues with your encryption! - the users may be confused, nerved or even') .EOL; $help .= t('This can cause usability issues elsewhere (not just on your own site) so we must insist on this requirement.') .EOL;
$help .= t('worse may become scared about redmatrix having security issues. Use one of the free certification instances!') . EOL; $help .= t('Providers are available that issue free certificates which are browser-valid.'). EOL;
check_add($checks, t('SSL certificate validation'),false,true, $help); check_add($checks, t('SSL certificate validation'),false,true, $help);
} }
} }
}
if ((! $test['success']) || ($test['body'] != "ok")) { if ((! $test['success']) || ($test['body'] != "ok")) {
$status = false; $status = false;

2
version.inc
View File

@ -1 +1 @@
2014-05-05.666 2014-05-06.667