1
0
Fork 0

Merge branch '1.10'

pull/9278/head
Jordi Boggiano 2020-10-12 08:33:39 +02:00
commit f966de94a9
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
3 changed files with 12 additions and 2 deletions

View File

@ -101,7 +101,8 @@ gitlab.com the domain names must be also specified with the
Defaults to `false`. If set to true all HTTPS URLs will be tried with HTTP Defaults to `false`. If set to true all HTTPS URLs will be tried with HTTP
instead and no network level encryption is performed. Enabling this is a instead and no network level encryption is performed. Enabling this is a
security risk and is NOT recommended. The better way is to enable the security risk and is NOT recommended. The better way is to enable the
php_openssl extension in php.ini. php_openssl extension in php.ini. Enabling this will implicitly disable the
`secure-http` option.
## secure-http ## secure-http

View File

@ -253,6 +253,11 @@ class Config
case 'secure-http': case 'secure-http':
case 'use-github-api': case 'use-github-api':
case 'lock': case 'lock':
// special case for secure-http
if ($key === 'secure-http' && $this->get('disable-tls') === true) {
return false;
}
return $this->config[$key] !== 'false' && (bool) $this->config[$key]; return $this->config[$key] !== 'false' && (bool) $this->config[$key];
// ints without env var support // ints without env var support

View File

@ -600,7 +600,11 @@ class Factory
{ {
static $warned = false; static $warned = false;
$disableTls = false; $disableTls = false;
if ($config && $config->get('disable-tls') === true) { // allow running the config command if disable-tls is in the arg list, even if openssl is missing, to allow disabling it via the config command
if (isset($_SERVER['argv']) && in_array('disable-tls', $_SERVER['argv']) && (in_array('conf', $_SERVER['argv']) || in_array('config', $_SERVER['argv']))) {
$warned = true;
$disableTls = !extension_loaded('openssl');
} elseif ($config && $config->get('disable-tls') === true) {
if (!$warned) { if (!$warned) {
$io->writeError('<warning>You are running Composer with SSL/TLS protection disabled.</warning>'); $io->writeError('<warning>You are running Composer with SSL/TLS protection disabled.</warning>');
} }