1
0
Fork 0

Code cleanups

pull/4759/head
Jordi Boggiano 2016-01-16 16:43:33 +00:00
parent 72fae0bf70
commit fb848d2e07
3 changed files with 27 additions and 46 deletions

View File

@ -523,7 +523,7 @@ class Factory
{
static $warned = false;
$disableTls = false;
if (isset($config) && $config->get('disable-tls') === true) {
if ($config && $config->get('disable-tls') === true) {
if (!$warned) {
$io->write('<warning>You are running Composer with SSL/TLS protection disabled.</warning>');
}
@ -535,7 +535,7 @@ class Factory
}
$remoteFilesystemOptions = array();
if ($disableTls === false) {
if (isset($config) && $config->get('cafile')) {
if ($config && $config->get('cafile')) {
$remoteFilesystemOptions = array('ssl' => array('cafile' => $config->get('cafile')));
}
$remoteFilesystemOptions = array_merge_recursive($remoteFilesystemOptions, $options);

View File

@ -526,7 +526,7 @@ class RemoteFilesystem
return $options;
}
protected function getTlsDefaults()
private function getTlsDefaults()
{
$ciphers = implode(':', array(
'ECDHE-RSA-AES128-GCM-SHA256',
@ -617,7 +617,7 @@ class RemoteFilesystem
/**
* Disable TLS compression to prevent CRIME attacks where supported.
*/
if (version_compare(PHP_VERSION, '5.4.13') >= 0) {
if (PHP_VERSION_ID >= 50413) {
$options['ssl']['disable_compression'] = true;
}
@ -658,9 +658,10 @@ class RemoteFilesystem
*/
private static function getSystemCaRootBundlePath()
{
static $found = null;
if ($found !== null) {
return $found;
static $caPath = null;
if ($caPath !== null) {
return $caPath;
}
// If SSL_CERT_FILE env variable points to a valid certificate/bundle, use that.
@ -668,7 +669,7 @@ class RemoteFilesystem
$envCertFile = getenv('SSL_CERT_FILE');
if ($envCertFile && is_readable($envCertFile) && self::validateCaFile(file_get_contents($envCertFile))) {
// Possibly throw exception instead of ignoring SSL_CERT_FILE if it's invalid?
return $envCertFile;
return $caPath = $envCertFile;
}
$caBundlePaths = array(
@ -687,29 +688,23 @@ class RemoteFilesystem
$configured = ini_get('openssl.cafile');
if ($configured && strlen($configured) > 0 && is_readable($caBundle) && self::validateCaFile(file_get_contents($caBundle))) {
$found = true;
$caBundle = $configured;
} else {
return $caPath = $configured;
}
foreach ($caBundlePaths as $caBundle) {
if (@is_readable($caBundle) && self::validateCaFile(file_get_contents($caBundle))) {
$found = true;
break;
return $caPath = $caBundle;
}
}
if (!$found) {
foreach ($caBundlePaths as $caBundle) {
$caBundle = dirname($caBundle);
if (is_dir($caBundle) && glob($caBundle.'/*')) {
$found = true;
break;
return $caPath = $caBundle;
}
}
}
}
if ($found) {
$found = $caBundle;
}
return $found;
return $caPath = false;
}
private static function validateCaFile($contents)

View File

@ -179,8 +179,10 @@ class RemoteFilesystemTest extends \PHPUnit_Framework_TestCase
$this->assertTrue($res['ssl']['verify_peer']);
$this->assertTrue($res['ssl']['SNI_enabled']);
$this->assertEquals(7, $res['ssl']['verify_depth']);
if (PHP_VERSION_ID < 50600) {
$this->assertEquals('www.example.org', $res['ssl']['CN_match']);
$this->assertEquals('www.example.org', $res['ssl']['SNI_server_name']);
}
$this->assertEquals('/some/path/file.crt', $res['ssl']['cafile']);
if (version_compare(PHP_VERSION, '5.4.13') >= 0) {
$this->assertTrue($res['ssl']['disable_compression']);
@ -189,22 +191,6 @@ class RemoteFilesystemTest extends \PHPUnit_Framework_TestCase
}
}
/**
* @group TLS
*
* Also illustrates a shortcoming with using originUrl (which is not a url but an ID)
* TLS would fail under this scenario if Common Name was www.example.org (i.e. doesn't apply to base example.org)
*/
public function testGetOptionsForUrlSelectsOriginIfNoHttpFileUrlAvailable()
{
$io = $this->getMock('Composer\IO\IOInterface');
$res = $this->callGetOptionsForUrl($io, array('example.org', array('ssl'=>array('cafile'=>'/some/path/file.crt'))), array(), 'www.example.org');
$this->assertEquals('example.org', $res['ssl']['CN_match']);
$this->assertEquals('example.org', $res['ssl']['SNI_server_name']);
}
protected function callGetOptionsForUrl($io, array $args = array(), array $options = array(), $fileUrl = '')
{
$fs = new RemoteFilesystem($io, null, $options);