authorfriendica <info@friendica.com>2013-02-13 20:09:30 -0800
committerfriendica <info@friendica.com>2013-02-13 20:09:30 -0800
commitb4057cfeb494dac9ad650e7deadec695c20dc912 (patch)
treef8b898e2e38c8d1e9a14226cbab69de2daa73359 /include
parent8b278db05c7690370945edec29a0139541538dae (diff)
use our own CA bundle as authoritative for backend communications. This avoids OS dependent CA validity mismatches.
Diffstat (limited to 'include')
-rw-r--r--include/network.php9
-rw-r--r--include/zot.php23
2 files changed, 28 insertions, 4 deletions
diff --git a/include/network.php b/include/network.php
index 321eb375f..ecc54d818 100644
--- a/include/network.php
+++ b/include/network.php
@@ -1,6 +1,11 @@
<?php
+
+function get_capath() {
+ return appdirpath() . '/library/cacert.pem';
+}
+
// curl wrapper. If binary flag is true, return binary
// results.
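Review bot: get_capath() has no header comment, and nothing in this hunk checks that the file it names exists or is readable, so a missing or unreadable `library/cacert.pem` would only surface later as failed HTTPS requests. A one-line header such as `// Absolute path of the bundled CA file passed as CURLOPT_CAINFO for all backend HTTPS requests.` would help. It should also say that the bundle is a point-in-time snapshot that needs a refresh procedure: once it is authoritative, roots issued after the snapshot are rejected and roots withdrawn since then stay trusted. appdirpath() is defined outside this hunk.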
@@ -14,6 +19,7 @@ function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_
return false;
@curl_setopt($ch, CURLOPT_HEADER, true);
+ @curl_setopt($ch, CURLOPT_CAINFO, get_capath());
if (!is_null($accept_content)){
curl_setopt($ch,CURLOPT_HTTPHEADER, array (
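Review bot: The added `@curl_setopt($ch, CURLOPT_CAINFO, get_capath());` suppresses warnings and discards the return value, so a failure to apply the bundle is invisible; the same line is added in the post_url, z_fetch_url and z_post_url hunks. Prefer checking the result, e.g. `if(! curl_setopt($ch, CURLOPT_CAINFO, get_capath())) logger('fetch_url: could not set CA bundle');`. CAINFO only has an effect while peer verification is enabled, and the CURLOPT_SSL_VERIFYPEER setting is not visible in these hunks, so it is worth confirming the two are set consistently in all four functions. The function bodies start and end outside the hunks.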
@@ -104,6 +110,7 @@ function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0)
return false;
curl_setopt($ch, CURLOPT_HEADER, true);
+ @curl_setopt($ch, CURLOPT_CAINFO, get_capath());
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
@@ -200,6 +207,7 @@ function z_fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accep
return false;
@curl_setopt($ch, CURLOPT_HEADER, true);
+ @curl_setopt($ch, CURLOPT_CAINFO, get_capath());
if (!is_null($accept_content)){
curl_setopt($ch,CURLOPT_HTTPHEADER, array (
@@ -288,6 +296,7 @@ function z_post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0
return ret;
curl_setopt($ch, CURLOPT_HEADER, true);
+ @curl_setopt($ch, CURLOPT_CAINFO, get_capath());
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
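Review bot: The context line `return ret;` at the top of this hunk returns the bare constant `ret` rather than a variable; this commit does not touch it, but `return $ret;` looks intended. Callers visible on this page index the result as `$result['success']`, so a non-array return on this early-exit path would probably not be treated as a failure. The rest of z_post_url is outside the hunk, so confirm against the full function.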
diff --git a/include/zot.php b/include/zot.php
index 51b04e1ef..345c5b397 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -150,7 +150,9 @@ function zot_finger($webbie,$channel) {
}
$rhs = '/.well-known/zot-info';
+ $https = ((strpos($url,'https://') === 0) ? true : false);
+ logger('zot_finger: ' . $url, LOGGER_DEBUG);
if($channel) {
$postvars = array(
@@ -161,17 +163,30 @@ function zot_finger($webbie,$channel) {
);
$result = z_post_url($url . $rhs,$postvars);
- if(! $result['success'])
- $result = z_post_url('http://' . $host . $rhs,$postvars);
+
+
+ if(! $result['success']) {
+ if($https) {
+ logger('zot_finger: https failed. falling back to http');
+ $result = z_post_url('http://' . $host . $rhs,$postvars);
+ }
+ }
}
else {
$rhs .= '?f=&address=' . urlencode($address);
$result = z_fetch_url($url . $rhs);
- if(! $result['success'])
- $result = z_fetch_url('http://' . $host . $rhs);
+ if(! $result['success']) {
+ if($https) {
+ logger('zot_finger: https failed. falling back to http');
+ $result = z_fetch_url('http://' . $host . $rhs);
+ }
+ }
}
+ if(! $result['success'])
+ logger('zot_finger: no results');
+
return $result;
}
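Review bot: The retry over `http://` in both branches runs on any `! $result['success']`, which presumably includes certificate verification failures against the new bundle, so a peer whose certificate does not validate (or a network path on which TLS fails) ends with the zot-info lookup silently done in cleartext. That undercuts making the bundled CA file authoritative. Consider falling back only on connection-level failures if the helpers expose the curl error, or gating the fallback behind a site setting, and record the trade-off above it, e.g. `// NOTE: plaintext fallback; the response is not authenticated by TLS`. The two fallback blocks are identical apart from the helper called, and `(strpos($url,'https://') === 0)` already yields a boolean, so the `? true : false` can be dropped. zot_finger starts outside this hunk.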