1
0
Fork 0

Add support for SSL_CERT_DIR and openssl.capath, fixes #5017

pull/5021/head
Jordi Boggiano 2016-03-07 12:58:51 +00:00
parent 8344c6d3d7
commit 4cc719cab3
1 changed files with 12 additions and 1 deletions

View File

@ -881,15 +881,26 @@ class RemoteFilesystem
// This mimics how OpenSSL uses the SSL_CERT_FILE env variable.
$envCertFile = getenv('SSL_CERT_FILE');
if ($envCertFile && is_readable($envCertFile) && $this->validateCaFile($envCertFile)) {
// Possibly throw exception instead of ignoring SSL_CERT_FILE if it's invalid?
return $caPath = $envCertFile;
}
// If SSL_CERT_DIR env variable points to a valid certificate/bundle, use that.
// This mimics how OpenSSL uses the SSL_CERT_FILE env variable.
$envCertDir = getenv('SSL_CERT_DIR');
if ($envCertDir && is_dir($envCertDir) && is_readable($envCertDir)) {
return $caPath = $envCertDir;
}
$configured = ini_get('openssl.cafile');
if ($configured && strlen($configured) > 0 && is_readable($configured) && $this->validateCaFile($configured)) {
return $caPath = $configured;
}
$configured = ini_get('openssl.capath');
if ($configured && is_dir($configured) && is_readable($configured)) {
return $caPath = $configured;
}
$caBundlePaths = array(
'/etc/pki/tls/certs/ca-bundle.crt', // Fedora, RHEL, CentOS (ca-certificates package)
'/etc/ssl/certs/ca-certificates.crt', // Debian, Ubuntu, Gentoo, Arch Linux (ca-certificates package)