Mercurial Mercurial > enmi-conf.org / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
wp/wp-includes/Requests/SSL.php
changeset 18 be944660c56a
parent 16 a86126ab1dd4
equal deleted inserted replaced
17:34716fd837a4 18:be944660c56a 
    18 	/**
 
    18 	/**
 
    19 	 * Verify the certificate against common name and subject alternative names
 
    19 	 * Verify the certificate against common name and subject alternative names
 
    20 	 *
 
    20 	 *
 
    21 	 * Unfortunately, PHP doesn't check the certificate against the alternative
 
    21 	 * Unfortunately, PHP doesn't check the certificate against the alternative
 
    22 	 * names, leading things like 'https://www.github.com/' to be invalid.
 
    22 	 * names, leading things like 'https://www.github.com/' to be invalid.
 
    23 	 * Instead
 
       
    24 	 *
 
    23 	 *
 
    25 	 * @see https://tools.ietf.org/html/rfc2818#section-3.1 RFC2818, Section 3.1
 
    24 	 * @see https://tools.ietf.org/html/rfc2818#section-3.1 RFC2818, Section 3.1
 
    26 	 *
 
    25 	 *
 
    27 	 * @throws Requests_Exception On not obtaining a match for the host (`fsockopen.ssl.no_match`)
 
    26 	 * @throws Requests_Exception On not obtaining a match for the host (`fsockopen.ssl.no_match`)
 
    28 	 * @param string $host Host name to verify against
 
    27 	 * @param string $host Host name to verify against
 
    29 	 * @param array $cert Certificate data from openssl_x509_parse()
 
    28 	 * @param array $cert Certificate data from openssl_x509_parse()
 
    30 	 * @return bool
 
    29 	 * @return bool
 
    31 	 */
 
    30 	 */
 
    32 	public static function verify_certificate($host, $cert) {
 
    31 	public static function verify_certificate($host, $cert) {
 
    33 		// Calculate the valid wildcard match if the host is not an IP address
 
       
    34 		$parts = explode('.', $host);
 
       
    35 		if (ip2long($host) === false) {
 
       
    36 			$parts[0] = '*';
 
       
    37 		}
 
       
    38 		$wildcard = implode('.', $parts);
 
       
    39 
       
    40 		$has_dns_alt = false;
 
    32 		$has_dns_alt = false;
 
    41 
    33 
    42 		// Check the subjectAltName
 
    34 		// Check the subjectAltName
 
    43 		if (!empty($cert['extensions']) && !empty($cert['extensions']['subjectAltName'])) {
 
    35 		if (!empty($cert['extensions']) && !empty($cert['extensions']['subjectAltName'])) {
 
    44 			$altnames = explode(',', $cert['extensions']['subjectAltName']);
 
    36 			$altnames = explode(',', $cert['extensions']['subjectAltName']);
 
   137 
   129 
   138 		// Calculate the valid wildcard match if the host is not an IP address
 
   130 		// Calculate the valid wildcard match if the host is not an IP address
 
   139 		// Also validates that the host has 3 parts or more, as per Firefox's
 
   131 		// Also validates that the host has 3 parts or more, as per Firefox's
 
   140 		// ruleset.
 
   132 		// ruleset.
 
   141 		if (ip2long($host) === false) {
 
   133 		if (ip2long($host) === false) {
 
   142 			$parts = explode('.', $host);
 
   134 			$parts    = explode('.', $host);
 
   143 			$parts[0] = '*';
 
   135 			$parts[0] = '*';
 
   144 			$wildcard = implode('.', $parts);
 
   136 			$wildcard = implode('.', $parts);
 
   145 			if ($wildcard === $reference) {
 
   137 			if ($wildcard === $reference) {
 
   146 				return true;
 
   138 				return true;
 
   147 			}
 
   139 			}
enmi-conf.org