Verify certs (#223)

Ensure that certificates are verified in curl should close #47
author: jvoisin 2018-08-29 08:55:49 +0000
committer: xXx-caillou-xXx 2018-08-29 10:55:49 +0200
commit: 64e52596abaf4bdd4c17f79c4e8acf25d1a452b4 (patch)
tree: 5452af804c25304cabe0f7e1160263fad25c3bf9 /src/sp_curl_verify_certificates.c
parent: a0300b15a3afffe02c737d263c3d6dd31ac307b7 (diff)
1 files changed, 33 insertions, 0 deletions
diff --git a/src/sp_curl_verify_certificates.c b/src/sp_curl_verify_certificates.c
new file mode 100644
index 0000000..057ee29
--- /dev/null
+++ b/src/sp_curl_verify_certificates.c
@@ -0,0 +1,33 @@
+#include "php_snuffleupagus.h"
+#include "sp_config.h"
+ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+PHP_FUNCTION(sp_curl_setopt) {
+        void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS);
+        zend_string *protocol_name = NULL;
+        zval *zid, *zvalue;
+        zend_long options;
+        ZEND_PARSE_PARAMETERS_START(3, 3)
+                Z_PARAM_RESOURCE(zid)
+                Z_PARAM_LONG(options)
+                Z_PARAM_ZVAL(zvalue)
+        ZEND_PARSE_PARAMETERS_END();
+        if (options & CURLOPT_SSL_VERIFYPEER && zval_get_long(zvalue) != 1) {
+                        sp_log_err("verify_vertificates", "Please don't deactivate server certificate validation");
+        } else if (options & CURLOPT_SSL_VERIFYHOST && zval_get_long(zvalue) != 2) {
+                        sp_log_err("verify_vertificates", "Please don't deactivate client certificate validation");
+        }
+        orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
+}
+int hook_curl_verify_certificates() {
+        TSRMLS_FETCH();
+  HOOK_FUNCTION("curl_setopt", sp_internal_functions_hook, PHP_FN(sp_curl_setopt));
+        return SUCCESS;
+}
author	jvoisin	2018-08-29 08:55:49 +0000
committer	xXx-caillou-xXx	2018-08-29 10:55:49 +0200
commit	64e52596abaf4bdd4c17f79c4e8acf25d1a452b4 (patch)
tree	5452af804c25304cabe0f7e1160263fad25c3bf9 /src/sp_curl_verify_certificates.c
parent	a0300b15a3afffe02c737d263c3d6dd31ac307b7 (diff)

diff --git a/src/sp_curl_verify_certificates.c b/src/sp_curl_verify_certificates.c new file mode 100644 index 0000000..057ee29 --- /dev/null +++ b/src/sp_curl_verify_certificates.c
@@ -0,0 +1,33 @@
	1	#include "php_snuffleupagus.h"
	2	#include "sp_config.h"
	3
	4	ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
	5
	6	PHP_FUNCTION(sp_curl_setopt) {
	7	void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS);
	8	zend_string *protocol_name = NULL;
	9	zval zid, zvalue;
	10	zend_long options;
	11
	12	ZEND_PARSE_PARAMETERS_START(3, 3)
	13	Z_PARAM_RESOURCE(zid)
	14	Z_PARAM_LONG(options)
	15	Z_PARAM_ZVAL(zvalue)
	16	ZEND_PARSE_PARAMETERS_END();
	17
	18	if (options & CURLOPT_SSL_VERIFYPEER && zval_get_long(zvalue) != 1) {
	19	sp_log_err("verify_vertificates", "Please don't deactivate server certificate validation");
	20	} else if (options & CURLOPT_SSL_VERIFYHOST && zval_get_long(zvalue) != 2) {
	21	sp_log_err("verify_vertificates", "Please don't deactivate client certificate validation");
	22	}
	23
	24	orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU);
	25	}
	26
	27	int hook_curl_verify_certificates() {
	28	TSRMLS_FETCH();
	29
	30	HOOK_FUNCTION("curl_setopt", sp_internal_functions_hook, PHP_FN(sp_curl_setopt));
	31
	32	return SUCCESS;
	33	}