Implemented Composer\CaBundle for safer SSL negotiation #1241

Andy Miller
2017-09-14 16:58:09 -06:00
parent 8ff1042fe3
commit ffd61065ac
4 changed files with 73 additions and 2 deletions


@@ -2,6 +2,7 @@
## xx/xx/2017
1. [](#improved)
* Implemented `Composer\CaBundle` for SSL Certs [#1241](https://github.com/getgrav/grav/issues/1241)
* Refactored the Assets sorting logic
1. [](#bugfix)
* Fixed `Page::summary()` when using delimiter and multibyte UTF8 Characters [#1644](https://github.com/getgrav/grav/issues/1644)


@@ -31,7 +31,8 @@
"ext-zip": "*",
"league/climate": "^3.2",
"antoligy/dom-string-iterators": "^1.0",
"miljar/php-exif": "^0.6.3"
"miljar/php-exif": "^0.6.3",
"composer/ca-bundle": "^1.0"
},
"require-dev": {
"codeception/codeception": "^2.1",
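Review bot: The new `"composer/ca-bundle": "^1.0"` requirement makes a packaged snapshot of the Mozilla root list the fallback trust store (per the package description in the lock file), so removals of distrusted roots reach an install only when this dependency is refreshed. The lock file in this commit pins 1.0.8. Because JSON cannot carry a comment, the point belongs in the release checklist or the CHANGELOG entry, for example `* Update composer/ca-bundle on every release so the fallback CA list stays current`.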

61
composer.lock generated

@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"content-hash": "093b6264edbdec148beb6ee2461a5e72",
"content-hash": "0ef484ce04cc68e9fd7096f7d0644a40",
"packages": [
{
"name": "antoligy/dom-string-iterators",
@@ -50,6 +50,65 @@
"description": "Composer package for DOMWordsIterator and DOMLettersIterator",
"time": "2015-11-04T17:33:14+00:00"
},
{
"name": "composer/ca-bundle",
"version": "1.0.8",
"source": {
"type": "git",
"url": "https://github.com/composer/ca-bundle.git",
"reference": "9dd73a03951357922d8aee6cc084500de93e2343"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/composer/ca-bundle/zipball/9dd73a03951357922d8aee6cc084500de93e2343",
"reference": "9dd73a03951357922d8aee6cc084500de93e2343",
"shasum": ""
},
"require": {
"ext-openssl": "*",
"ext-pcre": "*",
"php": "^5.3.2 || ^7.0"
},
"require-dev": {
"phpunit/phpunit": "^4.5",
"psr/log": "^1.0",
"symfony/process": "^2.5 || ^3.0"
},
"suggest": {
"symfony/process": "This is necessary to reliably check whether openssl_x509_parse is vulnerable on older php versions, but can be ignored on PHP 5.5.6+"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.x-dev"
}
},
"autoload": {
"psr-4": {
"Composer\\CaBundle\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Jordi Boggiano",
"email": "j.boggiano@seld.be",
"homepage": "http://seld.be"
}
],
"description": "Lets you find a path to the system CA bundle, and includes a fallback to the Mozilla CA bundle.",
"keywords": [
"cabundle",
"cacert",
"certificate",
"ssl",
"tls"
],
"time": "2017-09-11T07:24:36+00:00"
},
{
"name": "doctrine/cache",
"version": "v1.6.2",


@@ -112,6 +112,16 @@ class Response
$config = Grav::instance()['config'];
$overrides = [];
// Override CA Bundle
$caPathOrFile = \Composer\CaBundle\CaBundle::getSystemCaRootBundlePath();
if (is_dir($caPathOrFile) || (is_link($caPathOrFile) && is_dir(readlink($caPathOrFile)))) {
$overrides['curl'][CURLOPT_CAPATH] = $caPathOrFile;
$overrides['fopen']['ssl']['capath'] = $caPathOrFile;
} else {
$overrides['curl'][CURLOPT_CAINFO] = $caPathOrFile;
$overrides['fopen']['ssl']['cafile'] = $caPathOrFile;
}
// SSL Verify Peer and Proxy Setting
$settings = [
'method' => $config->get('system.gpm.method', self::$method),
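Review bot: The `is_link($caPathOrFile) && is_dir(readlink($caPathOrFile))` clause in the new CA-bundle check is redundant and can misclassify a path: PHP's `is_dir()` already follows symlinks, while `readlink()` may return a relative target that is then resolved against the working directory rather than the link's own directory. `if (is_dir($caPathOrFile)) {` covers both cases. As far as I know `getSystemCaRootBundlePath()` consults `SSL_CERT_FILE`/`SSL_CERT_DIR` and the `openssl.cafile`/`openssl.capath` ini settings before falling back to the bundled file, so a comment such as `// Trust anchors: environment and php.ini first, bundled Mozilla list last` above the call would tell operators where the trust store is decided. Whether later option merging can replace these overrides or switch off peer verification is determined in the part of the method that lies outside this hunk.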