public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Disable secure-http automatically when disable-tls is enabled, fixes #9235

pull/9280/head
Jordi Boggiano 2020-10-12 07:57:14 +02:00
parent 2c6a9aba32
commit 28fe3baf9c
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/06-config.md
View File

@ -96,7 +96,8 @@ gitlab.com the domain names must be also specified with the
Defaults to `false`. If set to true all HTTPS URLs will be tried with HTTP
instead and no network level encryption is performed. Enabling this is a
security risk and is NOT recommended. The better way is to enable the
php_openssl extension in php.ini.
php_openssl extension in php.ini. Enabling this will implicitly disable the
`secure-http` option.
## secure-http

4
src/Composer/Config.php
View File

@ -328,6 +328,10 @@ class Config
case 'disable-tls':
return $this->config[$key] !== 'false' && (bool) $this->config[$key];
case 'secure-http':
if ($this->get('disable-tls') === true) {
return false;
}
return $this->config[$key] !== 'false' && (bool) $this->config[$key];
case 'use-github-api':
return $this->config[$key] !== 'false' && (bool) $this->config[$key];