author | friendica <info@friendica.com> | 2013-02-13 20:09:30 -0800 |
---|---|---|
committer | friendica <info@friendica.com> | 2013-02-13 20:09:30 -0800 |
commit | b4057cfeb494dac9ad650e7deadec695c20dc912 (patch) | |
tree | f8b898e2e38c8d1e9a14226cbab69de2daa73359 /include | |
parent | 8b278db05c7690370945edec29a0139541538dae (diff) | |
use our own CA bundle as authoritative for backend communications. This avoids OS dependent CA validity mismatches.
Diffstat (limited to 'include')
-rw-r--r-- | include/network.php | 9 | ||||
-rw-r--r-- | include/zot.php | 23 |
2 files changed, 28 insertions, 4 deletions
diff --git a/include/network.php b/include/network.php index 321eb375f..ecc54d818 100644 --- a/include/network.php +++ b/include/network.php @@ -1,6 +1,11 @@ <?php + +function get_capath() { + return appdirpath() . '/library/cacert.pem'; +} + // curl wrapper. If binary flag is true, return binary // results. @@ -14,6 +19,7 @@ function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_ return false; @curl_setopt($ch, CURLOPT_HEADER, true); + @curl_setopt($ch, CURLOPT_CAINFO, get_capath()); if (!is_null($accept_content)){ curl_setopt($ch,CURLOPT_HTTPHEADER, array ( @@ -104,6 +110,7 @@ function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0) return false; curl_setopt($ch, CURLOPT_HEADER, true); + @curl_setopt($ch, CURLOPT_CAINFO, get_capath()); curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); curl_setopt($ch, CURLOPT_POST,1); curl_setopt($ch, CURLOPT_POSTFIELDS,$params); @@ -200,6 +207,7 @@ function z_fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accep return false; @curl_setopt($ch, CURLOPT_HEADER, true); + @curl_setopt($ch, CURLOPT_CAINFO, get_capath()); if (!is_null($accept_content)){ curl_setopt($ch,CURLOPT_HTTPHEADER, array ( @@ -288,6 +296,7 @@ function z_post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0 return ret; curl_setopt($ch, CURLOPT_HEADER, true); + @curl_setopt($ch, CURLOPT_CAINFO, get_capath()); curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); curl_setopt($ch, CURLOPT_POST,1); curl_setopt($ch, CURLOPT_POSTFIELDS,$params); diff --git a/include/zot.php b/include/zot.php index 51b04e1ef..345c5b397 100644 --- a/include/zot.php +++ b/include/zot.php @@ -150,7 +150,9 @@ function zot_finger($webbie,$channel) { } $rhs = '/.well-known/zot-info'; + $https = ((strpos($url,'https://') === 0) ? true : false); + logger('zot_finger: ' . $url, LOGGER_DEBUG); if($channel) { $postvars = array( 
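Review bot: `get_capath()` in the first hunk returns the bundle path with no docblock and no check that the file exists, yet after this commit that file appears to be the trust anchor for every outbound HTTPS request made through this file. A missing or unreadable `library/cacert.pem` would surface only as a certificate error when the request is executed, so a readability check with a `logger()` line here would make that failure diagnosable. I would add a comment such as `// Path to the bundled CA file used to verify TLS peers for backend requests; must be refreshed when root CAs change.` Because the bundle ships with the application, it needs an update process of its own, otherwise distrusted roots stay trusted and newly issued ones are rejected.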
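Review bot: The added `@curl_setopt($ch, CURLOPT_CAINFO, get_capath());` in fetch_url, and the identical lines in the post_url, z_fetch_url and z_post_url hunks, only takes effect when peer verification is enabled, and no `CURLOPT_SSL_VERIFYPEER` or `CURLOPT_SSL_VERIFYHOST` setting is visible in these hunks. It is worth confirming in the surrounding code that verification is on by default, since otherwise the bundle is never consulted. The `@` also hides a failed option set; a form such as `if(! curl_setopt($ch, CURLOPT_CAINFO, get_capath())) logger('fetch_url: could not set CA bundle');` keeps that visible. The same line repeated in four functions would be easier to keep consistent in one shared setup helper; all four function bodies continue outside their hunks.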
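Review bot: In the z_post_url hunk the context line `return ret;` returns the bare constant `ret` rather than a variable, presumably `$ret`, and this commit leaves it untouched. Callers such as zot_finger index the return value with `['success']`, so on this early-exit path they do not receive the result array they expect, and the failure may not be recognised as one. The line should read `return $ret;`, assuming `$ret` is initialised earlier in the function, which is outside the hunk.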
@@ -161,17 +163,30 @@ function zot_finger($webbie,$channel) { ); $result = z_post_url($url . $rhs,$postvars); - if(! $result['success']) - $result = z_post_url('http://' . $host . $rhs,$postvars); + + + if(! $result['success']) { + if($https) { + logger('zot_finger: https failed. falling back to http'); + $result = z_post_url('http://' . $host . $rhs,$postvars); + } + } } else { $rhs .= '?f=&address=' . urlencode($address); $result = z_fetch_url($url . $rhs); - if(! $result['success']) - $result = z_fetch_url('http://' . $host . $rhs); + if(! $result['success']) { + if($https) { + logger('zot_finger: https failed. falling back to http'); + $result = z_fetch_url('http://' . $host . $rhs); + } + } } + if(! $result['success']) + logger('zot_finger: no results'); + return $result; } |
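Review bot: Both branches of zot_finger still retry over `http://` whenever the HTTPS request does not succeed, and `$result['success']` does not distinguish a certificate validation failure from an unreachable host. A peer that fails the check against the new CA bundle, or any on-path party able to make the HTTPS request fail, therefore causes the zot-info lookup to be repeated in cleartext, which undoes the verification this commit adds for this caller. I would make the downgrade opt-in through an explicit site setting, or skip it when the failure is a TLS error, and log it in a way an operator can alert on. Separately, `$https` in the preceding hunk can be written as `$https = (strpos($url,'https://') === 0);`, and that match is case-sensitive on the scheme. The function body starts outside this hunk.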