From ebae5dfd95025675bebebf2c0ed58189a58158dc Mon Sep 17 00:00:00 2001
From: Jordi Boggiano <j.boggiano@seld.be>
Date: Fri, 24 Jun 2016 14:58:32 +0100
Subject: [PATCH] Undo downgrade before trying again if http seems unreliable,
 refs #2835

---
 src/Composer/Repository/ComposerRepository.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/Composer/Repository/ComposerRepository.php b/src/Composer/Repository/ComposerRepository.php
index f2d10d943..43afa5317 100644
--- a/src/Composer/Repository/ComposerRepository.php
+++ b/src/Composer/Repository/ComposerRepository.php
@@ -644,6 +644,13 @@ class ComposerRepository extends ArrayRepository implements ConfigurableReposito
                 $rfs = $preFileDownloadEvent->getRemoteFilesystem();
                 $json = $rfs->getContents($hostname, $filename, false);
                 if ($sha256 && $sha256 !== hash('sha256', $json)) {
+                    // undo downgrade before trying again if http seems to be hijacked or modifying content somehow
+                    if ($this->allowSslDowngrade) {
+                        $this->url = str_replace('http://', 'https://', $this->url);
+                        $this->baseUrl = str_replace('http://', 'https://', $this->baseUrl);
+                        $filename = str_replace('http://', 'https://', $filename);
+                    }
+
                     if ($retries) {
                         usleep(100000);