public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

Make packagist downgrade out of ssl after fetching the main file, since the other files can be verified via sha256

pull/1609/head
Jordi Boggiano 2013-02-21 17:37:18 +01:00
parent 211b69b38b
commit 995dc40130
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Composer/Config.php
View File

@ -39,6 +39,7 @@ class Config
'packagist' => array(
'type' => 'composer',
'url' => 'https?://packagist.org',
'allow_ssl_downgrade' => true,
)
);

7
src/Composer/Repository/ComposerRepository.php
View File

@ -43,6 +43,7 @@ class ComposerRepository extends ArrayRepository implements StreamableRepository
protected $providersByUid = array();
protected $loader;
protected $rootAliases;
protected $allowSslDowngrade = false;
private $rawData;
private $minimalPackages;
private $degradedMode = false;
@ -68,6 +69,9 @@ class ComposerRepository extends ArrayRepository implements StreamableRepository
if (!isset($repoConfig['options'])) {
$repoConfig['options'] = array();
}
if (isset($repoConfig['allow_ssl_downgrade']) && true === $repoConfig['allow_ssl_downgrade']) {
$this->allowSslDowngrade = true;
}
$this->config = $config;
$this->options = $repoConfig['options'];
@ -327,6 +331,9 @@ class ComposerRepository extends ArrayRepository implements StreamableRepository
}
$data = $this->fetchFile($jsonUrl, 'packages.json');
if ($this->allowSslDowngrade) {
$this->url = str_replace('https://', 'http://', $this->url);
}
// TODO remove this BC notify_batch support
if (!empty($data['notify_batch'])) {