Added the following patch from the [email protected] mailing list:

http://lists.openidenabled.com/pipermail/dev/attachments/20090928/2d616914/attachment.bin Original Message: anthony.lenton at canonical.com anthony.lenton at canonical.com Mon Sep 28 11:30:12 PDT 2009 darcs patch: cURL verify host "With this patch, if you define Auth_Openid_VERIFY_HOST cURL will enable host verification on ssl connections, for added security." This patch was in the form of a Darcs patch, not a normal patch. So solve this, I applied it to the Darcs repository found on openidenabled, then created a new diff file between the original Darcs repo and the new one (with the patch applied) so that I could apply it to this git repo. All hunks were applied successfully.
lillialexis · Feb 12, 2010 · a98cbca · a98cbca
1 parent a6b4f08
commit a98cbca
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/Auth/Yadis/ParanoidHTTPFetcher.php b/Auth/Yadis/ParanoidHTTPFetcher.php
@@ -128,6 +128,10 @@ function get($url, $extra_headers = null)
             curl_setopt($c, CURLOPT_TIMEOUT, $off);
             curl_setopt($c, CURLOPT_URL, $url);
 
+            if (defined('Auth_OpenID_VERIFY_HOST')) {
+                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+                curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+            }
             curl_exec($c);
 
             $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
@@ -148,6 +152,11 @@ function get($url, $extra_headers = null)
                 $redir = false;
                 curl_close($c);
 
+                if (defined('Auth_OpenID_VERIFY_HOST') &&
+                    $this->isHTTPS($url)) {
+                    Auth_OpenID::log('OpenID: Verified SSL host %s using '.
+                                     'curl/get', $url);
+                }
                 $new_headers = array();
 
                 foreach ($headers as $header) {
@@ -192,15 +201,26 @@ function post($url, $body, $extra_headers = null)
         curl_setopt($c, CURLOPT_WRITEFUNCTION,
                     array($this, "_writeData"));
 
+        if (defined('Auth_OpenID_VERIFY_HOST')) {
+            curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
+            curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
+        }
+
         curl_exec($c);
 
         $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
 
         if (!$code) {
             Auth_OpenID::log("Got no response code when fetching %s", $url);
+            Auth_OpenID::log("CURL error (%s): %s",
+                             curl_errno($c), curl_error($c));
             return null;
         }
 
+        if (defined('Auth_OpenID_VERIFY_HOST') && $this->isHTTPS($url)) {
+            Auth_OpenID::log('OpenID: Verified SSL host %s using '.
+                             'curl/post', $url);
+        }
         $body = $this->data;
 
         curl_close($c);