PluginProbe ʕ •ᴥ•ʔ
Booking for Appointments and Events Calendar – Amelia / 1.2.20
Booking for Appointments and Events Calendar – Amelia v1.2.20
2.4.4 2.4.3 2.4.2 2.4.1 2.4 trunk 1.2.1 1.2.10 1.2.11 1.2.12 1.2.13 1.2.14 1.2.15 1.2.16 1.2.17 1.2.18 1.2.19 1.2.2 1.2.20 1.2.21 1.2.22 1.2.23 1.2.24 1.2.25 1.2.26 1.2.27 1.2.28 1.2.29 1.2.3 1.2.30 1.2.31 1.2.32 1.2.33 1.2.34 1.2.35 1.2.36 1.2.37 1.2.38 1.2.4 1.2.5 1.2.6 1.2.7 1.2.8 1.2.9 2.0 2.0.1 2.0.2 2.1 2.1.1 2.1.2 2.1.3 2.2 2.2.1 2.3
ameliabooking / vendor / rmccue / requests / library / Requests / SSL.php
ameliabooking / vendor / rmccue / requests / library / Requests Last commit date
Auth 4 years ago Cookie 2 years ago Exception 4 years ago Proxy 4 years ago Response 4 years ago Transport 2 years ago Utility 2 years ago Auth.php 4 years ago Cookie.php 4 years ago Exception.php 4 years ago Hooker.php 4 years ago Hooks.php 2 years ago IDNAEncoder.php 4 years ago IPv6.php 4 years ago IRI.php 2 years ago Proxy.php 4 years ago Response.php 4 years ago SSL.php 4 years ago Session.php 2 years ago Transport.php 4 years ago
SSL.php
145 lines
1 <?php
2 /**
3 * SSL utilities for Requests
4 *
5 * @package Requests
6 * @subpackage Utilities
7 */
8
9 /**
10 * SSL utilities for Requests
11 *
12 * Collection of utilities for working with and verifying SSL certificates.
13 *
14 * @package Requests
15 * @subpackage Utilities
16 */
17 class Requests_SSL {
18 /**
19 * Verify the certificate against common name and subject alternative names
20 *
21 * Unfortunately, PHP doesn't check the certificate against the alternative
22 * names, leading things like 'https://www.github.com/' to be invalid.
23 *
24 * @see https://tools.ietf.org/html/rfc2818#section-3.1 RFC2818, Section 3.1
25 *
26 * @throws Requests_Exception On not obtaining a match for the host (`fsockopen.ssl.no_match`)
27 * @param string $host Host name to verify against
28 * @param array $cert Certificate data from openssl_x509_parse()
29 * @return bool
30 */
31 public static function verify_certificate($host, $cert) {
32 $has_dns_alt = false;
33
34 // Check the subjectAltName
35 if (!empty($cert['extensions']) && !empty($cert['extensions']['subjectAltName'])) {
36 $altnames = explode(',', $cert['extensions']['subjectAltName']);
37 foreach ($altnames as $altname) {
38 $altname = trim($altname);
39 if (strpos($altname, 'DNS:') !== 0) {
40 continue;
41 }
42
43 $has_dns_alt = true;
44
45 // Strip the 'DNS:' prefix and trim whitespace
46 $altname = trim(substr($altname, 4));
47
48 // Check for a match
49 if (self::match_domain($host, $altname) === true) {
50 return true;
51 }
52 }
53 }
54
55 // Fall back to checking the common name if we didn't get any dNSName
56 // alt names, as per RFC2818
57 if (!$has_dns_alt && !empty($cert['subject']['CN'])) {
58 // Check for a match
59 if (self::match_domain($host, $cert['subject']['CN']) === true) {
60 return true;
61 }
62 }
63
64 return false;
65 }
66
67 /**
68 * Verify that a reference name is valid
69 *
70 * Verifies a dNSName for HTTPS usage, (almost) as per Firefox's rules:
71 * - Wildcards can only occur in a name with more than 3 components
72 * - Wildcards can only occur as the last character in the first
73 * component
74 * - Wildcards may be preceded by additional characters
75 *
76 * We modify these rules to be a bit stricter and only allow the wildcard
77 * character to be the full first component; that is, with the exclusion of
78 * the third rule.
79 *
80 * @param string $reference Reference dNSName
81 * @return boolean Is the name valid?
82 */
83 public static function verify_reference_name($reference) {
84 $parts = explode('.', $reference);
85
86 // Check the first part of the name
87 $first = array_shift($parts);
88
89 if (strpos($first, '*') !== false) {
90 // Check that the wildcard is the full part
91 if ($first !== '*') {
92 return false;
93 }
94
95 // Check that we have at least 3 components (including first)
96 if (count($parts) < 2) {
97 return false;
98 }
99 }
100
101 // Check the remaining parts
102 foreach ($parts as $part) {
103 if (strpos($part, '*') !== false) {
104 return false;
105 }
106 }
107
108 // Nothing found, verified!
109 return true;
110 }
111
112 /**
113 * Match a hostname against a dNSName reference
114 *
115 * @param string $host Requested host
116 * @param string $reference dNSName to match against
117 * @return boolean Does the domain match?
118 */
119 public static function match_domain($host, $reference) {
120 // Check if the reference is blocklisted first
121 if (self::verify_reference_name($reference) !== true) {
122 return false;
123 }
124
125 // Check for a direct match
126 if ($host === $reference) {
127 return true;
128 }
129
130 // Calculate the valid wildcard match if the host is not an IP address
131 // Also validates that the host has 3 parts or more, as per Firefox's
132 // ruleset.
133 if (ip2long($host) === false) {
134 $parts = explode('.', $host);
135 $parts[0] = '*';
136 $wildcard = implode('.', $parts);
137 if ($wildcard === $reference) {
138 return true;
139 }
140 }
141
142 return false;
143 }
144 }
145