diff --git a/src/Composer/Factory.php b/src/Composer/Factory.php index cf09b490a..084a6f0d0 100644 --- a/src/Composer/Factory.php +++ b/src/Composer/Factory.php @@ -523,7 +523,7 @@ class Factory { static $warned = false; $disableTls = false; - if (isset($config) && $config->get('disable-tls') === true) { + if ($config && $config->get('disable-tls') === true) { if (!$warned) { $io->write('You are running Composer with SSL/TLS protection disabled.'); } @@ -535,7 +535,7 @@ class Factory } $remoteFilesystemOptions = array(); if ($disableTls === false) { - if (isset($config) && $config->get('cafile')) { + if ($config && $config->get('cafile')) { $remoteFilesystemOptions = array('ssl' => array('cafile' => $config->get('cafile'))); } $remoteFilesystemOptions = array_merge_recursive($remoteFilesystemOptions, $options); diff --git a/src/Composer/Util/RemoteFilesystem.php b/src/Composer/Util/RemoteFilesystem.php index 7d1e36736..cf8e08dc3 100644 --- a/src/Composer/Util/RemoteFilesystem.php +++ b/src/Composer/Util/RemoteFilesystem.php @@ -526,7 +526,7 @@ class RemoteFilesystem return $options; } - protected function getTlsDefaults() + private function getTlsDefaults() { $ciphers = implode(':', array( 'ECDHE-RSA-AES128-GCM-SHA256', @@ -617,7 +617,7 @@ class RemoteFilesystem /** * Disable TLS compression to prevent CRIME attacks where supported. */ - if (version_compare(PHP_VERSION, '5.4.13') >= 0) { + if (PHP_VERSION_ID >= 50413) { $options['ssl']['disable_compression'] = true; } @@ -658,9 +658,10 @@ class RemoteFilesystem */ private static function getSystemCaRootBundlePath() { - static $found = null; - if ($found !== null) { - return $found; + static $caPath = null; + + if ($caPath !== null) { + return $caPath; } // If SSL_CERT_FILE env variable points to a valid certificate/bundle, use that. @@ -668,7 +669,7 @@ class RemoteFilesystem $envCertFile = getenv('SSL_CERT_FILE'); if ($envCertFile && is_readable($envCertFile) && self::validateCaFile(file_get_contents($envCertFile))) { // Possibly throw exception instead of ignoring SSL_CERT_FILE if it's invalid? - return $envCertFile; + return $caPath = $envCertFile; } $caBundlePaths = array( @@ -687,29 +688,23 @@ class RemoteFilesystem $configured = ini_get('openssl.cafile'); if ($configured && strlen($configured) > 0 && is_readable($caBundle) && self::validateCaFile(file_get_contents($caBundle))) { - $found = true; - $caBundle = $configured; - } else { - foreach ($caBundlePaths as $caBundle) { - if (@is_readable($caBundle) && self::validateCaFile(file_get_contents($caBundle))) { - $found = true; - break; - } - } - if (!$found) { - foreach ($caBundlePaths as $caBundle) { - $caBundle = dirname($caBundle); - if (is_dir($caBundle) && glob($caBundle.'/*')) { - $found = true; - break; - } - } + return $caPath = $configured; + } + + foreach ($caBundlePaths as $caBundle) { + if (@is_readable($caBundle) && self::validateCaFile(file_get_contents($caBundle))) { + return $caPath = $caBundle; } } - if ($found) { - $found = $caBundle; + + foreach ($caBundlePaths as $caBundle) { + $caBundle = dirname($caBundle); + if (is_dir($caBundle) && glob($caBundle.'/*')) { + return $caPath = $caBundle; + } } - return $found; + + return $caPath = false; } private static function validateCaFile($contents) diff --git a/tests/Composer/Test/Util/RemoteFilesystemTest.php b/tests/Composer/Test/Util/RemoteFilesystemTest.php index 84be91dec..6647e6d5c 100644 --- a/tests/Composer/Test/Util/RemoteFilesystemTest.php +++ b/tests/Composer/Test/Util/RemoteFilesystemTest.php @@ -179,8 +179,10 @@ class RemoteFilesystemTest extends \PHPUnit_Framework_TestCase $this->assertTrue($res['ssl']['verify_peer']); $this->assertTrue($res['ssl']['SNI_enabled']); $this->assertEquals(7, $res['ssl']['verify_depth']); - $this->assertEquals('www.example.org', $res['ssl']['CN_match']); - $this->assertEquals('www.example.org', $res['ssl']['SNI_server_name']); + if (PHP_VERSION_ID < 50600) { + $this->assertEquals('www.example.org', $res['ssl']['CN_match']); + $this->assertEquals('www.example.org', $res['ssl']['SNI_server_name']); + } $this->assertEquals('/some/path/file.crt', $res['ssl']['cafile']); if (version_compare(PHP_VERSION, '5.4.13') >= 0) { $this->assertTrue($res['ssl']['disable_compression']); @@ -189,22 +191,6 @@ class RemoteFilesystemTest extends \PHPUnit_Framework_TestCase } } - /** - * @group TLS - * - * Also illustrates a shortcoming with using originUrl (which is not a url but an ID) - * TLS would fail under this scenario if Common Name was www.example.org (i.e. doesn't apply to base example.org) - */ - public function testGetOptionsForUrlSelectsOriginIfNoHttpFileUrlAvailable() - { - $io = $this->getMock('Composer\IO\IOInterface'); - - $res = $this->callGetOptionsForUrl($io, array('example.org', array('ssl'=>array('cafile'=>'/some/path/file.crt'))), array(), 'www.example.org'); - - $this->assertEquals('example.org', $res['ssl']['CN_match']); - $this->assertEquals('example.org', $res['ssl']['SNI_server_name']); - } - protected function callGetOptionsForUrl($io, array $args = array(), array $options = array(), $fileUrl = '') { $fs = new RemoteFilesystem($io, null, $options);