From 546730dcf3da4d2689664116c0639655aa428b6b Mon Sep 17 00:00:00 2001 From: Jordi Boggiano Date: Tue, 19 Jan 2016 17:34:05 +0000 Subject: [PATCH] Show CA files being used in debug mode, refs #4792 --- src/Composer/Util/RemoteFilesystem.php | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/src/Composer/Util/RemoteFilesystem.php b/src/Composer/Util/RemoteFilesystem.php index e4aa38fee..4754e304b 100644 --- a/src/Composer/Util/RemoteFilesystem.php +++ b/src/Composer/Util/RemoteFilesystem.php @@ -58,7 +58,7 @@ class RemoteFilesystem if (isset($options['ssl']['cafile']) && ( !is_readable($options['ssl']['cafile']) - || !self::validateCaFile(file_get_contents($options['ssl']['cafile'])) + || !$this->validateCaFile($options['ssl']['cafile']) ) ) { throw new TransportException('The configured cafile was not valid or could not be read.'); @@ -636,7 +636,7 @@ class RemoteFilesystem * The user may go download one if this occurs. */ if (!isset($this->options['ssl']['cafile'])) { - $result = self::getSystemCaRootBundlePath(); + $result = $this->getSystemCaRootBundlePath(); if ($result) { if (preg_match('{^phar://}', $result)) { $targetPath = rtrim(sys_get_temp_dir(), '\\/') . '/composer-cacert.pem'; @@ -705,7 +705,7 @@ class RemoteFilesystem * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - private static function getSystemCaRootBundlePath() + private function getSystemCaRootBundlePath() { static $caPath = null; @@ -716,7 +716,7 @@ class RemoteFilesystem // If SSL_CERT_FILE env variable points to a valid certificate/bundle, use that. // This mimics how OpenSSL uses the SSL_CERT_FILE env variable. $envCertFile = getenv('SSL_CERT_FILE'); - if ($envCertFile && is_readable($envCertFile) && self::validateCaFile(file_get_contents($envCertFile))) { + if ($envCertFile && is_readable($envCertFile) && $this->validateCaFile($envCertFile)) { // Possibly throw exception instead of ignoring SSL_CERT_FILE if it's invalid? return $caPath = $envCertFile; } @@ -736,12 +736,12 @@ class RemoteFilesystem ); $configured = ini_get('openssl.cafile'); - if ($configured && strlen($configured) > 0 && is_readable($configured) && self::validateCaFile(file_get_contents($configured))) { + if ($configured && strlen($configured) > 0 && is_readable($configured) && $this->validateCaFile($configured)) { return $caPath = $configured; } foreach ($caBundlePaths as $caBundle) { - if (@is_readable($caBundle) && self::validateCaFile(file_get_contents($caBundle))) { + if (@is_readable($caBundle) && $this->validateCaFile($caBundle)) { return $caPath = $caBundle; } } @@ -756,8 +756,13 @@ class RemoteFilesystem return $caPath = false; } - private static function validateCaFile($contents) + private function validateCaFile($filename) { + if ($this->io->isDebug()) { + $this->io->writeError('Checking CA file '.realpath($filename)); + } + $contents = file_get_contents($filename); + // assume the CA is valid if php is vulnerable to // https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html if (