Jordi Boggiano
a9be7c83f1
Add verification of signatures when running self-update
9 years ago
Jordi Boggiano
bdb97e7527
Reuse new TlsHelper for CA validation, refs #4798
9 years ago
Jordi Boggiano
1ea810d40b
Merge remote-tracking branch 'cs278/san-support'
9 years ago
Jordi Boggiano
78ffe0fd08
Avoid checking CA files several times
9 years ago
Jordi Boggiano
901e6f1d0e
Fix output and handling of RFS::copy() and extract redirect code into its own method, refs #4783
9 years ago
Jordi Boggiano
a574d5ef76
Merge remote-tracking branch 'cs278/follow-redirects'
9 years ago
Chris Smith
e2e07a32c3
Fixes to vuln detection
9 years ago
Chris Smith
bc8b7b0f78
Remove left behind debug code
9 years ago
Chris Smith
b32aad8439
Do not set TLS options on local URLs
9 years ago
Chris Smith
74aa73e841
The origin may not be the remote host
9 years ago
Chris Smith
304c268c3b
Tidy up and general improvement of sAN handling code
...
* Move OpenSSL functions into a new TlsHelper class
* Add error when sAN certificate cannot be verified due to
CVE-2013-6420
* Throw exception if PHP >= 5.6 manages to use fallback code
* Add support for wildcards in CN/sAN
* Add tests for cert name validation
* Check for backported security fix for CVE-2013-6420 using
testcase from PHP tests.
* Whitelist some disto PHP versions that have the CVE-2013-6420
fix backported.
9 years ago
Chris Smith
7e2a015e9b
Provide support for subjectAltName on PHP < 5.6
9 years ago
Jordi Boggiano
837fa805ec
Code tweaks, refs #4124
9 years ago
Jordi Boggiano
ddd140fd1c
Rollback plugin api version to 1.0.0 for now, add warning about requiring 1.0.0 exactly
9 years ago
nevvermind
5ec6988218
Fixed docs and removed implementation detail
9 years ago
nevvermind
aa45a48283
Refactoring
...
- changed "SPI" into something more familiar, like "implementation"
- throw exceptions on invalid implementation types or invalid class names
- use null instead of false when querying
- refactored the tests accordingly
9 years ago
nevvermind
ec8229ffa3
Remove @since
9 years ago
nevvermind
2051d74774
Added Capable plugins for a more future-proof Plugin API
...
Plugins can now present their capabilities to the PluginManager, through which it can act accordingly, thus making Plugin API more flexible, BC-friendly and decoupled.
9 years ago
Rob Bast
5b85ee409c
add missing array-replace-recursive
9 years ago
Rob Bast
d6be2a693b
switch to array-replace-recursive
9 years ago
Rob Bast
2393222826
more appropriate name
9 years ago
Rob Bast
474541e9aa
apply comments
...
- add capath to json schema
- simplify factory
- hash_file and sha256 for CA checking
- remove exception as scenario should not occur
- remove executable bit from CA file
- make CA file also group/world writable (we overwrite invalid content anyway)
to avoid permission errors as much as possible
9 years ago
Chris Smith
33f823146b
Account for ports in URL
9 years ago
Chris Smith
34f1fcbdcb
Drop downgrade warning
9 years ago
Rob Bast
c232566e52
add a hash to make sure CA file gets recreated if the content changes
9 years ago
Rob Bast
cef97904d0
dont rewrite temp CA file if it already exists
...
and make it readable by everyone the first time we create it
9 years ago
Rob Bast
4482a1dca0
also wrong array
9 years ago
Rob Bast
f79255df29
make sure passed options are merged into defaults before checking
9 years ago
Rob Bast
94947ee772
merge isset() calls
9 years ago
Rob Bast
b95b0c2ab6
wrong array
9 years ago
Rob Bast
008cce8d85
add back sanity checks
9 years ago
Rob Bast
c1488f65bf
a quick stab at adding capath
9 years ago
Jordi Boggiano
395d115d9b
Resolve all dirs before initializing them, fixes #4802
9 years ago
Chris Smith
dd3216e93d
Refactor to use new helper methods for headers
9 years ago
Chris Smith
8a8ec6fccc
Too many redirects is not an error in PHP, return the latest response
9 years ago
Chris Smith
33471e389f
Pass redirect count using options
...
Removing the risk it might be preserved between requests.
9 years ago
Chris Smith
e830a611ec
Handle other path redirects
9 years ago
Chris Smith
ffab235edd
Remove code preventing protocol downgrades
9 years ago
Chris Smith
ce1eda25f3
Follow redirects inside RFS only when required by PHP version
9 years ago
Chris Smith
73662c725a
Don't let PHP follow redirects it doesn't validate certificates
9 years ago
Jordi Boggiano
546730dcf3
Show CA files being used in debug mode, refs #4792
9 years ago
Jordi Boggiano
4dd388074e
Merge pull request #4790 from filbertkm/updatecommand
...
Remove unused import in UpdateCommand
9 years ago
Jordi Boggiano
f9fadb187e
Fix undefined var $auth issue
9 years ago
Jordi Boggiano
40baa3ff05
Use COMPOSER_HOME if defined instead of falling back to HOME, fixes #4789
9 years ago
aude
0a662a7e42
Remove unused import in UpdateCommand
9 years ago
Jordi Boggiano
96ff17c520
Cleanups of XDG support, refs #1407
9 years ago
Jordi Boggiano
3e9efcfb85
Merge remote-tracking branch 'ntoniazzi/master'
9 years ago
Jordi Boggiano
41d8fdfda8
Restore "Avoid loading plugins that do not match the current plugin api even during installation" but fixed
...
This reverts commit 0118d69603
.
9 years ago
Jordi Boggiano
a13b06725e
Add support for if-modified-since on lazy repos and turning packagist into a lazy provider repo
9 years ago
Jordi Boggiano
1d08f83976
Only clone if needed
9 years ago