304c268c3b
Tidy up and general improvement of sAN handling code
...
* Move OpenSSL functions into a new TlsHelper class
* Add error when sAN certificate cannot be verified due to
CVE-2013-6420
* Throw exception if PHP >= 5.6 manages to use fallback code
* Add support for wildcards in CN/sAN
* Add tests for cert name validation
* Check for backported security fix for CVE-2013-6420 using
testcase from PHP tests.
* Whitelist some disto PHP versions that have the CVE-2013-6420
fix backported.
2016-01-24 19:02:50 +00:00
7e2a015e9b
Provide support for subjectAltName on PHP < 5.6
2016-01-24 19:02:29 +00:00
d6be2a693b
switch to array-replace-recursive
2016-01-22 14:27:08 +01:00
2393222826
more appropriate name
2016-01-22 09:20:43 +01:00
474541e9aa
apply comments
...
- add capath to json schema
- simplify factory
- hash_file and sha256 for CA checking
- remove exception as scenario should not occur
- remove executable bit from CA file
- make CA file also group/world writable (we overwrite invalid content anyway)
to avoid permission errors as much as possible
2016-01-22 09:14:37 +01:00
c232566e52
add a hash to make sure CA file gets recreated if the content changes
2016-01-21 16:02:44 +01:00
cef97904d0
dont rewrite temp CA file if it already exists
...
and make it readable by everyone the first time we create it
2016-01-21 15:07:51 +01:00
4482a1dca0
also wrong array
2016-01-20 21:53:49 +01:00
f79255df29
make sure passed options are merged into defaults before checking
2016-01-20 21:35:06 +01:00
94947ee772
merge isset() calls
2016-01-20 21:29:55 +01:00
b95b0c2ab6
wrong array
2016-01-20 21:27:26 +01:00
008cce8d85
add back sanity checks
2016-01-20 21:24:13 +01:00
c1488f65bf
a quick stab at adding capath
2016-01-20 21:20:18 +01:00
546730dcf3
Show CA files being used in debug mode, refs #4792
2016-01-19 17:34:29 +00:00
a13b06725e
Add support for if-modified-since on lazy repos and turning packagist into a lazy provider repo
2016-01-18 14:03:10 +00:00
33c123e8c2
Fix passing of options to remotefilesystem in composer repo
2016-01-18 12:28:03 +00:00
22d8b5dff4
fix possible caBundle error
2016-01-18 08:59:12 +01:00
8375af268c
Use fixed CN_match for github hosts, fixes #4782
2016-01-17 13:41:56 +00:00
fb848d2e07
Code cleanups
2016-01-16 16:50:28 +00:00
72fae0bf70
Declare CN_match/SNI_server_name only for php <5.6
2016-01-16 16:28:04 +00:00
449f68deae
Remove dangerous CN_match fallback
2016-01-16 16:26:14 +00:00
fc4d94f160
Code clarity and updates from the getcomposer.org installer
2016-01-10 17:59:08 +00:00
5d015defb8
Merge remote-tracking branch 'origin/master' into tls-config
2016-01-10 16:10:22 +00:00
fbab2bfa17
Move user agent definition to StreamContextFactory so it is available in all contexts
2015-11-23 15:12:33 +00:00
f084b1e053
Remove duplicate handling of retry-auth-failure option, refs #3765
2015-11-21 21:51:58 +00:00
020c126c27
Fix CS
2015-11-21 21:51:43 +00:00
4255db9e31
Allows SSH urls for gitlab and detect the scheme
...
SSH urls uses HTTPS to request the API
2015-11-14 16:05:05 +01:00
ac68a721f4
Merge remote-tracking branch 'composer/master' into gitlab
...
Conflicts:
doc/04-schema.md
src/Composer/Util/RemoteFilesystem.php
2015-11-14 14:13:39 +01:00
211d4632bb
Fix compatibility with PHP 5.3
2015-11-13 18:06:17 +01:00
58a6d4b7d3
Add comment
2015-11-10 16:35:29 +00:00
064e1a6d6d
Fix handling of http 400 errors
...
Before 400 errors were silently dropped. This caused composer to store
the returned body (usually some html) in cache. This resulted in later
errors when composer tried to extract this error response as zip.
With this exceptions thrown it handles the error gracefully and falls
back to the next URL provided by the package configuration.
2015-11-10 16:30:01 +01:00
ce08582671
Fix CS
2015-09-28 10:53:24 +01:00
9859859f10
Add comment, fixes #4145
2015-08-17 15:57:00 +01:00
bbf959ac34
Do not retry failures once degraded mode is already enabled
2015-07-20 17:44:03 +01:00
ff84b32097
Add degraded mode to try and bypass ipv6/gzip issues, refs #4142 , refs #4121
2015-07-20 17:33:53 +01:00
e2b2f450dc
Merge pull request #4144 from staabm/patch-2
...
Dropped unnecessary break statements
2015-07-03 21:49:05 +01:00
94a924b702
Dropped unnecessary break statements
...
Next line breaks nevertheless
2015-06-14 10:16:45 +02:00
a4ad3c2146
Dropped obsolete condition
...
The conditional a few lines above already checks for `bytesMax > 0`
2015-06-14 10:13:18 +02:00
41f4451c20
take care of retry-auth-failure:false in case of 403 as well
2015-05-07 00:29:45 +01:00
e16d53893e
Remove password prompt for github tokens and require the user creates a token themselves
2015-05-07 00:29:20 +01:00
29ca21f30e
PHP version checks tweaking
2015-05-05 20:18:24 +02:00
1cb427ff5c
Force http1.1 protocol
2015-04-26 22:18:04 +01:00
f870396568
Add oauth2 support for gitlab
2015-04-10 21:45:24 +00:00
c5cd184767
Revert 331425bcb3 as well, fixes #3612
2015-03-24 01:36:30 +00:00
6c35dd6b2d
Improved wording
...
All other verbs use are in the form of "doing something", ie Installing, Downloading. "connection" is the odd one out.
2015-03-23 19:36:16 +01:00
3470cef1f1
Merge pull request #3818 from Hellov/master
...
Duplicate download progress
2015-03-05 14:44:34 +00:00
331425bcb3
Fix output of first line of progress when output is not decorated, refs #3818
2015-03-05 14:44:15 +00:00
ef0191ee6a
Duplicate download progress
2015-03-05 16:27:27 +03:00
c1edfbb65c
Add tests on GitLabDriver
...
Add an interactive prompt for gitlab token
Update doc for gitlab-domains
Add tests on GitLabDriver::supports
Update doc + CS
Optimize branch detection + fix typos
Fix test on GitLab support as it depends on SSL
Remove useless method + fix repository URL containing .git
2015-03-04 00:08:44 +01:00
802b57417a
Pass GitLab credential by HTTP header instead of query string to improve security
2015-03-04 00:08:42 +01:00
Chris Smith