diff --git a/CHANGELOG.md b/CHANGELOG.md index 4effc9695..31fa7969b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## xx/xx/2017 1. [](#improved) + * Implemented `Composer\CaBundle` for SSL Certs [#1241](https://github.com/getgrav/grav/issues/1241) * Refactored the Assets sorting logic 1. [](#bugfix) * Fixed `Page::summary()` when using delimiter and multibyte UTF8 Characters [#1644](https://github.com/getgrav/grav/issues/1644) diff --git a/composer.json b/composer.json index df12d925e..b7f70a460 100644 --- a/composer.json +++ b/composer.json @@ -31,7 +31,8 @@ "ext-zip": "*", "league/climate": "^3.2", "antoligy/dom-string-iterators": "^1.0", - "miljar/php-exif": "^0.6.3" + "miljar/php-exif": "^0.6.3", + "composer/ca-bundle": "^1.0" }, "require-dev": { "codeception/codeception": "^2.1", diff --git a/composer.lock b/composer.lock index a02dad7c6..46d24e8fc 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "content-hash": "093b6264edbdec148beb6ee2461a5e72", + "content-hash": "0ef484ce04cc68e9fd7096f7d0644a40", "packages": [ { "name": "antoligy/dom-string-iterators", 
@@ -50,6 +50,65 @@ "description": "Composer package for DOMWordsIterator and DOMLettersIterator", "time": "2015-11-04T17:33:14+00:00" }, + { + "name": "composer/ca-bundle", + "version": "1.0.8", + "source": { + "type": "git", + "url": "https://github.com/composer/ca-bundle.git", + "reference": "9dd73a03951357922d8aee6cc084500de93e2343" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/composer/ca-bundle/zipball/9dd73a03951357922d8aee6cc084500de93e2343", + "reference": "9dd73a03951357922d8aee6cc084500de93e2343", + "shasum": "" + }, + "require": { + "ext-openssl": "*", + "ext-pcre": "*", + "php": "^5.3.2 || ^7.0" + }, + "require-dev": { + "phpunit/phpunit": "^4.5", + "psr/log": "^1.0", + "symfony/process": "^2.5 || ^3.0" + }, + "suggest": { + "symfony/process": "This is necessary to reliably check whether openssl_x509_parse is vulnerable on older php versions, but can be ignored on PHP 5.5.6+" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.x-dev" + } + }, + "autoload": { + "psr-4": { + "Composer\\CaBundle\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Jordi Boggiano", + "email": "j.boggiano@seld.be", + "homepage": "http://seld.be" + } + ], + "description": "Lets you find a path to the system CA bundle, and includes a fallback to the Mozilla CA bundle.", + "keywords": [ + "cabundle", + "cacert", + "certificate", + "ssl", + "tls" + ], + "time": "2017-09-11T07:24:36+00:00" + }, { "name": "doctrine/cache", "version": "v1.6.2", diff --git a/system/src/Grav/Common/GPM/Response.php b/system/src/Grav/Common/GPM/Response.php index e710e03ca..ffb8caf05 100644 --- a/system/src/Grav/Common/GPM/Response.php +++ b/system/src/Grav/Common/GPM/Response.php 
@@ -112,6 +112,16 @@ class Response $config = Grav::instance()['config']; $overrides = []; + // Override CA Bundle + $caPathOrFile = \Composer\CaBundle\CaBundle::getSystemCaRootBundlePath(); + if (is_dir($caPathOrFile) || (is_link($caPathOrFile) && is_dir(readlink($caPathOrFile)))) { + $overrides['curl'][CURLOPT_CAPATH] = $caPathOrFile; + $overrides['fopen']['ssl']['capath'] = $caPathOrFile; + } else { + $overrides['curl'][CURLOPT_CAINFO] = $caPathOrFile; + $overrides['fopen']['ssl']['cafile'] = $caPathOrFile; + } + // SSL Verify Peer and Proxy Setting $settings = [ 'method' => $config->get('system.gpm.method', self::$method),
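Review bot: The directory test in the added `if` is more complicated than it needs to be, and its second clause is fragile: `is_dir()` already follows symlinks, while `readlink()` returns the raw link target, which for a relative link is resolved against the current working directory rather than the link's own directory. `if (is_dir($caPathOrFile)) {` covers the same cases. The `// Override CA Bundle` comment could also say where the path comes from, e.g. `// Trust store resolved by CaBundle (SSL_CERT_FILE/SSL_CERT_DIR, openssl.cafile/capath, known system paths, else the bundled Mozilla file); only matters while peer verification is enabled.` A directory passed as `capath`/`CURLOPT_CAPATH` also has to be a hashed certificate directory, which this hunk does not check. The enclosing method starts and ends outside the hunk, so how `$overrides` is merged with the `system.gpm` settings cannot be confirmed from here.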