Jordi Boggiano
bdb97e7527
Reuse new TlsHelper for CA validation, refs #4798
2016-01-25 19:17:56 +00:00
Jordi Boggiano
1ea810d40b
Merge remote-tracking branch 'cs278/san-support'
2016-01-25 18:53:45 +00:00
Jordi Boggiano
78ffe0fd08
Avoid checking CA files several times
2016-01-25 18:34:52 +00:00
Bilal Amarni
e727f9f5fe
[Config command] allow to pass options when adding a repo
2016-01-25 19:25:10 +01:00
Jordi Boggiano
9d08a7943a
Merge pull request #4819 from 0mars/master
...
Fix Broken Links in troubleshooting.md
2016-01-25 17:58:49 +00:00
Jordi Boggiano
3aa1774622
Merge pull request #4824 from Bob4ever/patch-1
...
Update custom-installers.md
2016-01-25 17:58:24 +00:00
Jordi Boggiano
901e6f1d0e
Fix output and handling of RFS::copy() and extract redirect code into its own method, refs #4783
2016-01-25 17:55:29 +00:00
Jordi Boggiano
a574d5ef76
Merge remote-tracking branch 'cs278/follow-redirects'
2016-01-25 17:26:05 +00:00
Bob4ever
eb8df89cd5
Update custom-installers.md
2016-01-25 14:29:37 +01:00
Chris Smith
e2e07a32c3
Fixes to vuln detection
2016-01-24 20:54:43 +00:00
Chris Smith
bc8b7b0f78
Remove left behind debug code
2016-01-24 19:41:14 +00:00
Chris Smith
b32aad8439
Do not set TLS options on local URLs
2016-01-24 19:10:11 +00:00
Chris Smith
74aa73e841
The origin may not be the remote host
2016-01-24 19:09:35 +00:00
Chris Smith
304c268c3b
Tidy up and general improvement of sAN handling code
...
* Move OpenSSL functions into a new TlsHelper class
* Add error when sAN certificate cannot be verified due to
CVE-2013-6420
* Throw exception if PHP >= 5.6 manages to use fallback code
* Add support for wildcards in CN/sAN
* Add tests for cert name validation
* Check for backported security fix for CVE-2013-6420 using
testcase from PHP tests.
* Whitelist some disto PHP versions that have the CVE-2013-6420
fix backported.
2016-01-24 19:02:50 +00:00
Chris Smith
7e2a015e9b
Provide support for subjectAltName on PHP < 5.6
2016-01-24 19:02:29 +00:00
Omar Shaban
05c5aee1f1
Fix Broken Links in troubleshooting.md
2016-01-23 20:50:43 +02:00
Jordi Boggiano
837fa805ec
Code tweaks, refs #4124
2016-01-22 19:09:44 +00:00
Jordi Boggiano
ddd140fd1c
Rollback plugin api version to 1.0.0 for now, add warning about requiring 1.0.0 exactly
2016-01-22 19:09:03 +00:00
nevvermind
5ec6988218
Fixed docs and removed implementation detail
2016-01-22 13:54:59 +00:00
nevvermind
aa45a48283
Refactoring
...
- changed "SPI" into something more familiar, like "implementation"
- throw exceptions on invalid implementation types or invalid class names
- use null instead of false when querying
- refactored the tests accordingly
2016-01-22 13:51:32 +00:00
nevvermind
ec8229ffa3
Remove @since
2016-01-22 13:51:32 +00:00
nevvermind
681043355f
Update test fixtures + fix test
2016-01-22 13:51:32 +00:00
nevvermind
58ded13eb9
Fix tests breaking on a api version bump
...
Make generic plugins work with many API versions as opposed to just 1.0.0.
2016-01-22 13:51:32 +00:00
nevvermind
2051d74774
Added Capable plugins for a more future-proof Plugin API
...
Plugins can now present their capabilities to the PluginManager, through which it can act accordingly, thus making Plugin API more flexible, BC-friendly and decoupled.
2016-01-22 13:51:32 +00:00
Jordi Boggiano
7d7b3ccb2a
Merge pull request #4805 from alcohol/capath
...
Add capath configuration capability and refactor cafile resolving
2016-01-22 13:46:05 +00:00
Rob Bast
5b85ee409c
add missing array-replace-recursive
2016-01-22 14:29:29 +01:00
Rob Bast
d6be2a693b
switch to array-replace-recursive
2016-01-22 14:27:08 +01:00
Rob Bast
2393222826
more appropriate name
2016-01-22 09:20:43 +01:00
Rob Bast
474541e9aa
apply comments
...
- add capath to json schema
- simplify factory
- hash_file and sha256 for CA checking
- remove exception as scenario should not occur
- remove executable bit from CA file
- make CA file also group/world writable (we overwrite invalid content anyway)
to avoid permission errors as much as possible
2016-01-22 09:14:37 +01:00
Chris Smith
33f823146b
Account for ports in URL
2016-01-22 01:48:16 +00:00
Chris Smith
34f1fcbdcb
Drop downgrade warning
2016-01-22 01:47:05 +00:00
Rob Bast
c232566e52
add a hash to make sure CA file gets recreated if the content changes
2016-01-21 16:02:44 +01:00
Rob Bast
cef97904d0
dont rewrite temp CA file if it already exists
...
and make it readable by everyone the first time we create it
2016-01-21 15:07:51 +01:00
Rob Bast
1adb2e6005
Merge branch 'master' of github.com:composer/composer into capath
...
* 'master' of github.com:composer/composer:
fix typo
minor tweaking of phrasing
move to troubleshooting
add possible work-around / solution
initial document
2016-01-21 15:00:45 +01:00
Jordi Boggiano
06a21132db
Merge pull request #4713 from alcohol/pitfalls-doc
...
document common mistakes and misconceptions in a pitfalls article
2016-01-21 12:25:47 +00:00
Rob Bast
446f1b3e31
fix zip test
2016-01-21 10:22:12 +01:00
Rob Bast
4482a1dca0
also wrong array
2016-01-20 21:53:49 +01:00
Rob Bast
f79255df29
make sure passed options are merged into defaults before checking
2016-01-20 21:35:06 +01:00
Rob Bast
94947ee772
merge isset() calls
2016-01-20 21:29:55 +01:00
Rob Bast
b95b0c2ab6
wrong array
2016-01-20 21:27:26 +01:00
Rob Bast
008cce8d85
add back sanity checks
2016-01-20 21:24:13 +01:00
Rob Bast
c1488f65bf
a quick stab at adding capath
2016-01-20 21:20:18 +01:00
Jordi Boggiano
395d115d9b
Resolve all dirs before initializing them, fixes #4802
2016-01-20 11:17:40 +00:00
Chris Smith
dd3216e93d
Refactor to use new helper methods for headers
2016-01-19 22:19:17 +00:00
Chris Smith
8a8ec6fccc
Too many redirects is not an error in PHP, return the latest response
2016-01-19 22:06:38 +00:00
Chris Smith
33471e389f
Pass redirect count using options
...
Removing the risk it might be preserved between requests.
2016-01-19 22:06:27 +00:00
Chris Smith
e830a611ec
Handle other path redirects
2016-01-19 22:06:27 +00:00
Chris Smith
ffab235edd
Remove code preventing protocol downgrades
2016-01-19 22:06:27 +00:00
Chris Smith
ce1eda25f3
Follow redirects inside RFS only when required by PHP version
2016-01-19 22:06:27 +00:00
Chris Smith
73662c725a
Don't let PHP follow redirects it doesn't validate certificates
2016-01-19 22:06:04 +00:00