Add a bundled cacert.pem as a last resort option
parent
306ba77e93
commit
470fb58273
File diff suppressed because it is too large
Load Diff
|
@ -110,6 +110,9 @@ class Compiler
|
|||
$this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/include_paths.php'));
|
||||
}
|
||||
$this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/ClassLoader.php'));
|
||||
|
||||
$this->addFile($phar, new \SplFileInfo(__DIR__ . '/../../res/cacert.pem'), false);
|
||||
|
||||
$this->addComposerBin($phar);
|
||||
|
||||
// Stubs
|
||||
|
|
|
@ -50,7 +50,7 @@ class ConfigValidator
|
|||
// validate json schema
|
||||
$laxValid = false;
|
||||
try {
|
||||
$json = new JsonFile($file, Factory::createRemoteFilesystem($this->io)); //TODO
|
||||
$json = new JsonFile($file, Factory::createRemoteFilesystem($this->io)); //TODO - can't configure here obviouslyS
|
||||
$manifest = $json->read();
|
||||
|
||||
$json->validateSchema(JsonFile::LAX_SCHEMA);
|
||||
|
|
|
@ -486,15 +486,28 @@ class RemoteFilesystem
|
|||
);
|
||||
|
||||
/**
|
||||
* Attempt to find a local cafile or throw an exception.
|
||||
* Attempt to find a local cafile or throw an exception if none pre-set
|
||||
* The user may go download one if this occurs.
|
||||
*/
|
||||
if (!isset($this->options['ssl']['cafile'])) {
|
||||
$result = $this->getSystemCaRootBundlePath();
|
||||
if ($result) {
|
||||
if (preg_match("|^phar://|", $result)) {
|
||||
$tmp = rtrim(sys_get_temp_dir(), '\\/');
|
||||
$target = $tmp . DIRECTORY_SEPARATOR . 'composer-cacert.pem';
|
||||
$cacert = file_get_contents($result);
|
||||
$write = file_put_contents($target, $cacert, LOCK_EX);
|
||||
if (!$write) {
|
||||
throw new TransportException('Unable to write bundled cacert.pem to: '.$target);
|
||||
}
|
||||
$options['ssl']['cafile'] = $target;
|
||||
} else {
|
||||
$options['ssl']['cafile'] = $result;
|
||||
}
|
||||
} else {
|
||||
throw new TransportException('A valid cafile could not be located automatically.');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Disable TLS compression to prevent CRIME attacks where supported.
|
||||
|
@ -560,15 +573,22 @@ class RemoteFilesystem
|
|||
'/opt/local/share/curl/curl-ca-bundle.crt', // OS X macports, curl-ca-bundle package
|
||||
'/usr/local/share/curl/curl-ca-bundle.crt', // Default cURL CA bunde path (without --with-ca-bundle option)
|
||||
'/usr/share/ssl/certs/ca-bundle.crt', // Really old RedHat?
|
||||
__DIR__.'/../../../res/cacert.pem', // Bundled with Composer
|
||||
);
|
||||
|
||||
static $found = false;
|
||||
$configured = ini_get('openssl.cafile');
|
||||
if ($configured && strlen($configured) > 0 && is_readable($caBundle) && \openssl_x509_parse(file_get_contents($caBundle))) {
|
||||
$found = true;
|
||||
$caBundle = $configured;
|
||||
} else {
|
||||
foreach ($caBundlePaths as $caBundle) {
|
||||
if (is_readable($caBundle) && \openssl_x509_parse(file_get_contents($caBundle))) {
|
||||
$found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($found) {
|
||||
$found = $caBundle;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue