Code cleanups
parent
72fae0bf70
commit
fb848d2e07
|
@ -523,7 +523,7 @@ class Factory
|
|||
{
|
||||
static $warned = false;
|
||||
$disableTls = false;
|
||||
if (isset($config) && $config->get('disable-tls') === true) {
|
||||
if ($config && $config->get('disable-tls') === true) {
|
||||
if (!$warned) {
|
||||
$io->write('<warning>You are running Composer with SSL/TLS protection disabled.</warning>');
|
||||
}
|
||||
|
@ -535,7 +535,7 @@ class Factory
|
|||
}
|
||||
$remoteFilesystemOptions = array();
|
||||
if ($disableTls === false) {
|
||||
if (isset($config) && $config->get('cafile')) {
|
||||
if ($config && $config->get('cafile')) {
|
||||
$remoteFilesystemOptions = array('ssl' => array('cafile' => $config->get('cafile')));
|
||||
}
|
||||
$remoteFilesystemOptions = array_merge_recursive($remoteFilesystemOptions, $options);
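Review bot: The `array_merge_recursive($remoteFilesystemOptions, $options)` call at the end of the second hunk does not override duplicate string keys; it collects them into an array. A caller that passes its own `$options['ssl']['cafile']` while `cafile` is also set in the config therefore gets `cafile` as a two-element array instead of a path. How the stream layer treats an array there is not visible on this page, but it cannot be the CA file either side intended, so peer verification would not be anchored to the configured bundle. If caller options are meant to win, `array_replace_recursive($remoteFilesystemOptions, $options)` keeps scalars as scalars; check first whether any list-valued option relies on the appending behaviour. The enclosing method starts and ends outside the hunks shown.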
|
||||
|
|
|
@ -526,7 +526,7 @@ class RemoteFilesystem
|
|||
return $options;
|
||||
}
|
||||
|
||||
protected function getTlsDefaults()
|
||||
private function getTlsDefaults()
|
||||
{
|
||||
$ciphers = implode(':', array(
|
||||
'ECDHE-RSA-AES128-GCM-SHA256',
|
||||
|
@ -617,7 +617,7 @@ class RemoteFilesystem
|
|||
/**
|
||||
* Disable TLS compression to prevent CRIME attacks where supported.
|
||||
*/
|
||||
if (version_compare(PHP_VERSION, '5.4.13') >= 0) {
|
||||
if (PHP_VERSION_ID >= 50413) {
|
||||
$options['ssl']['disable_compression'] = true;
|
||||
}
|
||||
|
||||
|
@ -658,9 +658,10 @@ class RemoteFilesystem
|
|||
*/
|
||||
private static function getSystemCaRootBundlePath()
|
||||
{
|
||||
static $found = null;
|
||||
if ($found !== null) {
|
||||
return $found;
|
||||
static $caPath = null;
|
||||
|
||||
if ($caPath !== null) {
|
||||
return $caPath;
|
||||
}
|
||||
|
||||
// If SSL_CERT_FILE env variable points to a valid certificate/bundle, use that.
|
||||
|
@ -668,7 +669,7 @@ class RemoteFilesystem
|
|||
$envCertFile = getenv('SSL_CERT_FILE');
|
||||
if ($envCertFile && is_readable($envCertFile) && self::validateCaFile(file_get_contents($envCertFile))) {
|
||||
// Possibly throw exception instead of ignoring SSL_CERT_FILE if it's invalid?
|
||||
return $envCertFile;
|
||||
return $caPath = $envCertFile;
|
||||
}
|
||||
|
||||
$caBundlePaths = array(
|
||||
|
@ -687,29 +688,23 @@ class RemoteFilesystem
|
|||
|
||||
$configured = ini_get('openssl.cafile');
|
||||
if ($configured && strlen($configured) > 0 && is_readable($caBundle) && self::validateCaFile(file_get_contents($caBundle))) {
|
||||
$found = true;
|
||||
$caBundle = $configured;
|
||||
} else {
|
||||
foreach ($caBundlePaths as $caBundle) {
|
||||
if (@is_readable($caBundle) && self::validateCaFile(file_get_contents($caBundle))) {
|
||||
$found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!$found) {
|
||||
foreach ($caBundlePaths as $caBundle) {
|
||||
$caBundle = dirname($caBundle);
|
||||
if (is_dir($caBundle) && glob($caBundle.'/*')) {
|
||||
$found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return $caPath = $configured;
|
||||
}
|
||||
|
||||
foreach ($caBundlePaths as $caBundle) {
|
||||
if (@is_readable($caBundle) && self::validateCaFile(file_get_contents($caBundle))) {
|
||||
return $caPath = $caBundle;
|
||||
}
|
||||
}
|
||||
if ($found) {
|
||||
$found = $caBundle;
|
||||
|
||||
foreach ($caBundlePaths as $caBundle) {
|
||||
$caBundle = dirname($caBundle);
|
||||
if (is_dir($caBundle) && glob($caBundle.'/*')) {
|
||||
return $caPath = $caBundle;
|
||||
}
|
||||
}
|
||||
return $found;
|
||||
|
||||
return $caPath = false;
|
||||
}
|
||||
|
||||
private static function validateCaFile($contents)
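Review bot: In the `openssl.cafile` branch of getSystemCaRootBundlePath(), the condition tests `is_readable($caBundle)` and `file_get_contents($caBundle)`, but in the lines shown `$caBundle` is only assigned later by the `foreach` loops. The check therefore looks like it can never pass, and the ini-configured CA file is silently skipped in favour of the hard-coded paths. The restructuring into early returns leaves that condition unchanged; it should read `if ($configured && is_readable($configured) && self::validateCaFile(file_get_contents($configured))) {` (the `strlen($configured) > 0` test is already implied by the truthiness check). The start of the function and the `$caBundlePaths` list are outside the hunks, so confirm `$caBundle` is not set earlier. Separately, the directory fallback accepts any non-empty directory via `glob($caBundle.'/*')` without validating its contents, which deserves a comment such as `// capath fallback: directory contents are not validated here`.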
|
||||
|
|
|
@ -179,8 +179,10 @@ class RemoteFilesystemTest extends \PHPUnit_Framework_TestCase
|
|||
$this->assertTrue($res['ssl']['verify_peer']);
|
||||
$this->assertTrue($res['ssl']['SNI_enabled']);
|
||||
$this->assertEquals(7, $res['ssl']['verify_depth']);
|
||||
$this->assertEquals('www.example.org', $res['ssl']['CN_match']);
|
||||
$this->assertEquals('www.example.org', $res['ssl']['SNI_server_name']);
|
||||
if (PHP_VERSION_ID < 50600) {
|
||||
$this->assertEquals('www.example.org', $res['ssl']['CN_match']);
|
||||
$this->assertEquals('www.example.org', $res['ssl']['SNI_server_name']);
|
||||
}
|
||||
$this->assertEquals('/some/path/file.crt', $res['ssl']['cafile']);
|
||||
if (version_compare(PHP_VERSION, '5.4.13') >= 0) {
|
||||
$this->assertTrue($res['ssl']['disable_compression']);
|
||||
|
@ -189,22 +191,6 @@ class RemoteFilesystemTest extends \PHPUnit_Framework_TestCase
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @group TLS
|
||||
*
|
||||
* Also illustrates a shortcoming with using originUrl (which is not a url but an ID)
|
||||
* TLS would fail under this scenario if Common Name was www.example.org (i.e. doesn't apply to base example.org)
|
||||
*/
|
||||
public function testGetOptionsForUrlSelectsOriginIfNoHttpFileUrlAvailable()
|
||||
{
|
||||
$io = $this->getMock('Composer\IO\IOInterface');
|
||||
|
||||
$res = $this->callGetOptionsForUrl($io, array('example.org', array('ssl'=>array('cafile'=>'/some/path/file.crt'))), array(), 'www.example.org');
|
||||
|
||||
$this->assertEquals('example.org', $res['ssl']['CN_match']);
|
||||
$this->assertEquals('example.org', $res['ssl']['SNI_server_name']);
|
||||
}
|
||||
|
||||
protected function callGetOptionsForUrl($io, array $args = array(), array $options = array(), $fileUrl = '')
|
||||
{
|
||||
$fs = new RemoteFilesystem($io, null, $options);
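Review bot: With the `CN_match` and `SNI_server_name` assertions now guarded by `if (PHP_VERSION_ID < 50600)`, nothing in the lines shown asserts on PHP 5.6 and later that the returned options bind the connection to the expected host name. If getOptionsForUrl() sets `peer_name` (the 5.6+ replacement for `CN_match`) on those versions, add an `else` branch such as `$this->assertEquals('www.example.org', $res['ssl']['peer_name']);`. If it relies on PHP's default host verification instead, a comment saying so would keep the gap from looking accidental. The `disable_compression` guard just below still uses `version_compare(PHP_VERSION, '5.4.13') >= 0` while RemoteFilesystem switches to `PHP_VERSION_ID >= 50413` in this same commit; using the constant here too keeps the two in step. The test method begins above the hunk.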
|
||||
|
|