1
0
Fork 0

Add a bundled cacert.pem as a last resort option

pull/2745/head
Pádraic Brady 2014-03-02 14:06:47 +00:00
parent 306ba77e93
commit 470fb58273
4 changed files with 3819 additions and 11 deletions

3785
res/cacert.pem Normal file

File diff suppressed because it is too large Load Diff

View File

@ -110,6 +110,9 @@ class Compiler
$this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/include_paths.php'));
}
$this->addFile($phar, new \SplFileInfo(__DIR__.'/../../vendor/composer/ClassLoader.php'));
$this->addFile($phar, new \SplFileInfo(__DIR__ . '/../../res/cacert.pem'), false);
$this->addComposerBin($phar);
// Stubs

View File

@ -50,7 +50,7 @@ class ConfigValidator
// validate json schema
$laxValid = false;
try {
$json = new JsonFile($file, Factory::createRemoteFilesystem($this->io)); //TODO
$json = new JsonFile($file, Factory::createRemoteFilesystem($this->io)); //TODO - can't configure here obviouslyS
$manifest = $json->read();
$json->validateSchema(JsonFile::LAX_SCHEMA);

View File

@ -486,14 +486,27 @@ class RemoteFilesystem
);
/**
* Attempt to find a local cafile or throw an exception.
* Attempt to find a local cafile or throw an exception if none pre-set
* The user may go download one if this occurs.
*/
$result = $this->getSystemCaRootBundlePath();
if ($result) {
$options['ssl']['cafile'] = $result;
} else {
throw new TransportException('A valid cafile could not be located automatically.');
if (!isset($this->options['ssl']['cafile'])) {
$result = $this->getSystemCaRootBundlePath();
if ($result) {
if (preg_match("|^phar://|", $result)) {
$tmp = rtrim(sys_get_temp_dir(), '\\/');
$target = $tmp . DIRECTORY_SEPARATOR . 'composer-cacert.pem';
$cacert = file_get_contents($result);
$write = file_put_contents($target, $cacert, LOCK_EX);
if (!$write) {
throw new TransportException('Unable to write bundled cacert.pem to: '.$target);
}
$options['ssl']['cafile'] = $target;
} else {
$options['ssl']['cafile'] = $result;
}
} else {
throw new TransportException('A valid cafile could not be located automatically.');
}
}
/**
@ -560,13 +573,20 @@ class RemoteFilesystem
'/opt/local/share/curl/curl-ca-bundle.crt', // OS X macports, curl-ca-bundle package
'/usr/local/share/curl/curl-ca-bundle.crt', // Default cURL CA bunde path (without --with-ca-bundle option)
'/usr/share/ssl/certs/ca-bundle.crt', // Really old RedHat?
__DIR__.'/../../../res/cacert.pem', // Bundled with Composer
);
static $found = false;
foreach ($caBundlePaths as $caBundle) {
if (is_readable($caBundle) && \openssl_x509_parse(file_get_contents($caBundle))) {
$found = true;
break;
$configured = ini_get('openssl.cafile');
if ($configured && strlen($configured) > 0 && is_readable($caBundle) && \openssl_x509_parse(file_get_contents($caBundle))) {
$found = true;
$caBundle = $configured;
} else {
foreach ($caBundlePaths as $caBundle) {
if (is_readable($caBundle) && \openssl_x509_parse(file_get_contents($caBundle))) {
$found = true;
break;
}
}
}
if ($found) {