Curl.php
132 lines
| 1 | <?php |
| 2 | namespace Dropbox; |
| 3 | |
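/**
 * A minimal wrapper around a cURL handle.
 *
 * The constructor pins the transport to HTTPS and turns on certificate and
 * hostname validation against the SDK's own root certificate bundle. Options
 * are applied best-effort: the return value of curl_setopt() is not checked,
 * so a libcurl build that rejects an option will not raise an error here.
 *
 * @internal
 */
final class Curl
{
    /** @var resource|null cURL handle; stays null if the constructor threw before curl_init(). */
    public $handle;

    /** @var string[] Header lines sent with the request; applied in exec(). */
    private $headers = array();

    /**
     * Creates the handle and applies the TLS hardening options.
     *
     * @param string $url Fully URL-encoded request URL.
     *
     * @throws \InvalidArgumentException If $url contains a literal space.
     * @throws Exception_NetworkIO If curl_init() cannot create a handle.
     */
    public function __construct($url)
    {
        // Make sure there aren't any spaces in the URL (i.e. the caller forgot to URL-encode).
        if (strpos($url, ' ') !== false) {
            throw new \InvalidArgumentException("Found space in \$url; it should be encoded");
        }

        // Fail with a clear error instead of handing `false` to every
        // curl_setopt() call below when the handle cannot be created.
        $handle = curl_init($url);
        if ($handle === false) {
            throw new Exception_NetworkIO("Error initializing cURL handle");
        }
        $this->handle = $handle;

        // NOTE: Though we turn on all the correct SSL settings, many PHP installations
        // don't respect these settings. Run "examples/test-ssl.php" to run some basic
        // SSL tests to see how well your PHP implementation behaves.

        $this->set(CURLOPT_SSL_VERIFYPEER, true);  // Enforce certificate validation
        $this->set(CURLOPT_SSL_VERIFYHOST, 2);  // Enforce hostname validation

        // Force the use of TLS (SSL v2 and v3 are not secure).
        // TODO: Use "CURL_SSLVERSION_TLSv1" instead of "1" once we can rely on PHP 5.5+.
        // NOTE(review): which TLS 1.x versions this value allows depends on the
        // libcurl build; confirm the negotiated version meets current policy.
        $this->set(CURLOPT_SSLVERSION, 1);

        // Limit the set of ciphersuites used. The list is read from the global
        // scope; when it is null (NSS backend, or the global was never
        // populated) no restriction is applied and libcurl's defaults are used.
        global $sslCiphersuiteList;
        if ($sslCiphersuiteList !== null) {
            $this->set(CURLOPT_SSL_CIPHER_LIST, $sslCiphersuiteList);
        }

        // Use our own certificate list.
        list($rootCertsFilePath, $rootCertsFolderPath) = RootCertificates::getPaths();
        // Certificate file.
        $this->set(CURLOPT_CAINFO, $rootCertsFilePath);
        // Certificate folder.  If not specified, some PHP installations will use
        // the system default, even when CURLOPT_CAINFO is specified.
        $this->set(CURLOPT_CAPATH, $rootCertsFolderPath);

        // Limit vulnerability surface area.  Supported in cURL 7.19.4+
        // Both the initial request and any redirect are restricted to HTTPS;
        // on older builds the constants are undefined and no restriction is set.
        if (defined('CURLOPT_PROTOCOLS')) {
            $this->set(CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
        }
        if (defined('CURLOPT_REDIR_PROTOCOLS')) {
            $this->set(CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS);
        }
    }

    /**
     * Queues one or more request header lines.
     *
     * @param string|string[] $header A single header line, or an array of
     *    header lines that is merged into the queued list.
     */
    public function addHeader($header)
    {
        if (is_array($header)) {
            $this->headers = array_merge($this->headers, $header);
        }
        else {
            $this->headers[] = $header;
        }
    }

    /**
     * Sends the request with the queued headers.
     *
     * curl_exec() only returns the response body as a string when
     * CURLOPT_RETURNTRANSFER is set; this class does not set it, so the
     * caller is presumably expected to do so through set().
     *
     * @return HttpResponse Built from the HTTP status code and curl_exec()'s result.
     *
     * @throws Exception_NetworkIO If curl_exec() reports a failure.
     */
    public function exec()
    {
        $this->set(CURLOPT_HTTPHEADER, $this->headers);

        $body = curl_exec($this->handle);
        if ($body === false) {
            throw new Exception_NetworkIO("Error executing HTTP request: " . curl_error($this->handle));
        }

        $statusCode = curl_getinfo($this->handle, CURLINFO_HTTP_CODE);

        return new HttpResponse($statusCode, $body);
    }

    /**
     * Sets a cURL option on the wrapped handle.
     *
     * The result of curl_setopt() is discarded, so a rejected option is not
     * reported. Callers that override the TLS options set by the constructor
     * weaken the transport guarantees of this class.
     *
     * @param int $option A CURLOPT_* constant.
     * @param mixed $value
     */
    public function set($option, $value)
    {
        curl_setopt($this->handle, $option, $value);
    }

    /**
     * Releases the cURL handle.
     */
    public function __destruct()
    {
        // PHP runs the destructor even when the constructor threw, in which
        // case no handle was ever assigned and there is nothing to close.
        if ($this->handle !== null && $this->handle !== false) {
            curl_close($this->handle);
        }
    }
}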
| 100 | |
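// Build the ciphersuite list that Curl::__construct() reads through
// `global $sslCiphersuiteList`.
//
// Different cURL SSL backends use different names for ciphersuites.
$curlVersion = \curl_version();
$curlSslBackend = $curlVersion['ssl_version'];
if (\substr_compare($curlSslBackend, "NSS/", 0, strlen("NSS/")) === 0) {
    // Can't figure out how to reliably set ciphersuites for NSS.
    // A null list means the constructor applies no cipher restriction.
    $sslCiphersuiteList = null;
}
else {
    // Use the OpenSSL names for all other backends.  We may have to
    // refine this if users report errors.
    //
    // RC4 suites are deliberately left out: RFC 7465 prohibits RC4 in TLS.
    // NOTE(review): the plain-RSA suites at the end give no forward secrecy and
    // the *-SHA suites are CBC with SHA-1; consider trimming the list to the
    // ECDHE/DHE AEAD suites once the minimum supported backend is known.
    $sslCiphersuiteList =
        'ECDHE-RSA-AES256-GCM-SHA384:'.
        'ECDHE-RSA-AES128-GCM-SHA256:'.
        'ECDHE-RSA-AES256-SHA384:'.
        'ECDHE-RSA-AES128-SHA256:'.
        'ECDHE-RSA-AES256-SHA:'.
        'ECDHE-RSA-AES128-SHA:'.
        'DHE-RSA-AES256-GCM-SHA384:'.
        'DHE-RSA-AES128-GCM-SHA256:'.
        'DHE-RSA-AES256-SHA256:'.
        'DHE-RSA-AES128-SHA256:'.
        'DHE-RSA-AES256-SHA:'.
        'DHE-RSA-AES128-SHA:'.
        'AES256-GCM-SHA384:'.
        'AES128-GCM-SHA256:'.
        'AES256-SHA256:'.
        'AES128-SHA256:'.
        'AES256-SHA:'.
        'AES128-SHA';
}

// When this file is included from inside a function (as autoloaders commonly
// do), the assignment above only creates a local variable and the constructor's
// `global` lookup sees null, silently dropping the cipher restriction.
// Publishing the value explicitly keeps the restriction in force either way.
$GLOBALS['sslCiphersuiteList'] = $sslCiphersuiteList;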
| 132 |