Bug #75908

Respect ssl_verify_peer, ssl_verify_host and ssl_capath settings for curl requests not only in case of using curlProxyServer

Added by Petra Arentzen over 5 years ago. Updated over 3 years ago.

Status: Rejected
Priority: Should have
Category: Backend API
Start date: 2016-04-25
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 7
PHP Version:
Tags:
Complexity:
Is Regression: No
Sprint Focus:

Description

In contrast to the solution in #75038, I think the 'ssl_verify_*' options in the configuration should be respected not only when the option 'curlProxyServer' is set:

Index: typo3/sysext/core/Classes/Utility/GeneralUtility.php
<+>UTF-8
===================================================================
--- typo3/sysext/core/Classes/Utility/GeneralUtility.php    (revision )
+++ typo3/sysext/core/Classes/Utility/GeneralUtility.php    (revision )
@@ -2474,11 +2474,13 @@
             if (is_array($requestHeaders)) {
                 curl_setopt($ch, CURLOPT_HTTPHEADER, $requestHeaders);
             }
+
+            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, (bool)$GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_host']);
+            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (bool)$GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_peer']);
+
             // (Proxy support implemented by Arco <arco@appeltaart.mine.nu>)
             if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyServer']) {
                 curl_setopt($ch, CURLOPT_PROXY, $GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyServer']);
-                curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, (bool)$GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_host']);
-                curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (bool)$GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_peer']);
                 if ($GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_peer']) {
                     if ($GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_cafile']) {
                         curl_setopt($ch, CURLOPT_CAINFO, $GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_cafile']);
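
Review bot: The `(bool)` cast on the added `CURLOPT_SSL_VERIFYHOST` line hands curl `true`/`false`, while that option is an integer (0 to disable, 2 for full host name checking), so an enabled setting arrives as 1 rather than 2; map it explicitly, e.g. `$GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_host'] ? 2 : 0`. In addition, the `ssl_cafile` handling visible in the trailing context still sits inside the `curlProxyServer` branch, so a request without a proxy gets peer verification switched on but never receives the configured CA file. Moving the `if ($GLOBALS['TYPO3_CONF_VARS']['HTTP']['ssl_verify_peer'])` block out of the proxy branch as well would let a development setup trust its self-signed CA through `ssl_cafile` instead of turning verification off.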

Reason:
It's an annoying problem in environments where a self-signed certificate is used, e.g. while developing or testing. I guess many developers work with such a certificate. So they have to change core files to run code which uses GeneralUtility::getUrl(), or switch back to http:, which in my case (and surely in some others) also means changing .htaccess where https: is forced.


Related issues

Related to TYPO3 Core - Task #75038: Respect ssl_verify_peer, ssl_verify_host and ssl_capath settings for curl requests (Closed, 2016-03-13)
Related to TYPO3 Core - Bug #77490: geturl stream context doesn't respect ssl_* settings (Rejected, 2016-08-12)
Has duplicate TYPO3 Core - Bug #77489: curl: respect ssl_* settings without curlProxyServer=1 (Closed, 2016-08-12)

#2

Updated by Gerrit Code Review about 5 years ago

  • Status changed from New to Under Review

Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49861

#3

Updated by Alexander Opitz almost 5 years ago

  • Category set to Backend API
  • Assignee set to Petra Arentzen
  • Target version set to Candidate for patchlevel

Please provide the patch for master first. It will get backported later on.

#4

Updated by Tobias Liebig almost 5 years ago

This bug does not relate to master, as GeneralUtility::getUrl is completely refactored using Guzzle instead of cURL.

@Alexander Opitz: could you please reconsider your -1 review?

#5

Updated by Gerrit Code Review over 4 years ago

Patch set 2 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49861

#6

Updated by Gerrit Code Review over 4 years ago

Patch set 3 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49861

#7

Updated by Gerrit Code Review over 4 years ago

Patch set 4 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49861

#8

Updated by Alexander Opitz over 3 years ago

  • Has duplicate Bug #77489: curl: respect ssl_* settings without curlProxyServer=1 added

#9

Updated by Alexander Opitz over 3 years ago

BTW: the CURLOPT_SSL_VERIFYHOST seems to be used wrong; it isn't a boolean value, it is an integer. See https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html

#10

Updated by Gerrit Code Review over 3 years ago

Patch set 5 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49861

#11

Updated by Gerrit Code Review over 3 years ago

Patch set 6 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49861

#12

Updated by Christian Kuhn over 3 years ago

  • Status changed from Under Review to Rejected
