* Move OpenSSL functions into a new TlsHelper class
* Add error when sAN certificate cannot be verified due to
CVE-2013-6420
* Throw exception if PHP >= 5.6 manages to use fallback code
* Add support for wildcards in CN/sAN
* Add tests for cert name validation
* Check for backported security fix for CVE-2013-6420 using
testcase from PHP tests.
* Whitelist some disto PHP versions that have the CVE-2013-6420
fix backported.
- changed "SPI" into something more familiar, like "implementation"
- throw exceptions on invalid implementation types or invalid class names
- use null instead of false when querying
- refactored the tests accordingly
Plugins can now present their capabilities to the PluginManager, through which it can act accordingly, thus making Plugin API more flexible, BC-friendly and decoupled.
- add capath to json schema
- simplify factory
- hash_file and sha256 for CA checking
- remove exception as scenario should not occur
- remove executable bit from CA file
- make CA file also group/world writable (we overwrite invalid content anyway)
to avoid permission errors as much as possible
* 'master' of github.com:composer/composer:
fix typo
minor tweaking of phrasing
move to troubleshooting
add possible work-around / solution
initial document
When an environmental variable named "COMPOSER_AUTH" is set
as $USERNAME:$PASSWORD, it is automatically used for authentication
e.g. when fetching packages from Satis.
The envvar credentials are of lower priority than URL credentials.
Fixes#4285