[TASK] Respect ssl_verify_peer and ssl_verify_host in curl requests 64/47464/2
authorDaniel Maier <dani-maier@gmx.de>
Sun, 13 Mar 2016 18:06:25 +0000 (19:06 +0100)
committerChristian Kuhn <lolli@schwarzbu.ch>
Thu, 31 Mar 2016 15:56:57 +0000 (17:56 +0200)
Make GeneralUtility::getUrl aware of the settings ssl_verify_peer, ssl_verify_host,
ssl_cafile and ssl_capath from DefaultConfiguration.

This ensures that curl requests to https addresses (e.g. TER mirror url) are handled
correctly when tunneled through proxies, considering the specific configuration set
in the install tool.

Resolves: #75038
Releases: master, 7.6
Change-Id: I8f527d5d1b9609bcf3f0853153a2f53367492f24
Reviewed-on: https://review.typo3.org/47464
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
typo3/sysext/core/Classes/Utility/GeneralUtility.php

index 1fb02f8..d8e5570 100755 (executable)
@@ -2476,6 +2476,16 @@ class GeneralUtility
             // (Proxy support implemented by Arco <arco@appeltaart.mine.nu>)
             if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyServer']) {
                 curl_setopt($ch, CURLOPT_PROXY, $GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyServer']);
+                curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, (bool)$GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_host']);
+                curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (bool)$GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_peer']);
+                if ($GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_peer']) {
+                    if ($GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_cafile']) {
+                        curl_setopt($ch, CURLOPT_CAINFO, $GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_cafile']);
+                    }
+                    if ($GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_capath']) {
+                        curl_setopt($ch, CURLOPT_CAPATH, $GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_capath']);
+                    }
+                }
                 if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyNTLM']) {
                     curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
                 }
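Review bot: The `(bool)` cast on the CURLOPT_SSL_VERIFYHOST line hands libcurl `true` (that is, 1), but the value that enables the full certificate-name-versus-hostname check is 2. On older libcurl builds, 1 only checks that a common name exists without matching it against the host, and newer PHP/libcurl combinations raise a notice for 1. Map the setting explicitly instead: `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_host'] ? 2 : 0);`. Separately, the new options sit inside the `curlProxyServer` branch, so `ssl_cafile` and `ssl_capath` appear to be ignored for direct (non-proxy) HTTPS requests. The enclosing method starts and ends outside this hunk, so confirm whether that case is handled elsewhere.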