From 995dc40130b0a90e4d7ca96037ec585aad3e89d8 Mon Sep 17 00:00:00 2001 From: Jordi Boggiano Date: Thu, 21 Feb 2013 17:37:18 +0100 Subject: [PATCH] Make packagist downgrade out of ssl after fetching the main file, since the other files can be verified via sha256 --- src/Composer/Config.php | 1 + src/Composer/Repository/ComposerRepository.php | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/src/Composer/Config.php b/src/Composer/Config.php index c9ea3b2c6..f36905390 100644 --- a/src/Composer/Config.php +++ b/src/Composer/Config.php @@ -39,6 +39,7 @@ class Config 'packagist' => array( 'type' => 'composer', 'url' => 'https?://packagist.org', + 'allow_ssl_downgrade' => true, ) ); diff --git a/src/Composer/Repository/ComposerRepository.php b/src/Composer/Repository/ComposerRepository.php index 7d67c9505..875d97b9d 100644 --- a/src/Composer/Repository/ComposerRepository.php +++ b/src/Composer/Repository/ComposerRepository.php @@ -43,6 +43,7 @@ class ComposerRepository extends ArrayRepository implements StreamableRepository protected $providersByUid = array(); protected $loader; protected $rootAliases; + protected $allowSslDowngrade = false; private $rawData; private $minimalPackages; private $degradedMode = false; @@ -68,6 +69,9 @@ class ComposerRepository extends ArrayRepository implements StreamableRepository if (!isset($repoConfig['options'])) { $repoConfig['options'] = array(); } + if (isset($repoConfig['allow_ssl_downgrade']) && true === $repoConfig['allow_ssl_downgrade']) { + $this->allowSslDowngrade = true; + } $this->config = $config; $this->options = $repoConfig['options']; @@ -327,6 +331,9 @@ class ComposerRepository extends ArrayRepository implements StreamableRepository } $data = $this->fetchFile($jsonUrl, 'packages.json'); + if ($this->allowSslDowngrade) { + $this->url = str_replace('https://', 'http://', $this->url); + } // TODO remove this BC notify_batch support if (!empty($data['notify_batch'])) {