From 43d5f421cb9ab38dc8ea88a00775cf738e611b0a Mon Sep 17 00:00:00 2001 From: ashokak Date: Mon, 23 Apr 2012 12:55:50 -0300 Subject: [PATCH 1/5] Avoid disabling SSL certificate verification. Since 7.10, curl will verify the certificate by default. Users who get certificate errors should check their curl installation/configuration, and fix that, rather than connecting to anyone claiming to be FreshBooks. --- lib/FreshBooksRequest.php | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/FreshBooksRequest.php b/lib/FreshBooksRequest.php index 2d15962..2b10e2d 100644 --- a/lib/FreshBooksRequest.php +++ b/lib/FreshBooksRequest.php @@ -163,7 +163,6 @@ public function request() curl_setopt($ch, CURLOPT_TIMEOUT, 40); // times out after 40s curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); // add POST fields curl_setopt($ch, CURLOPT_USERPWD, self::$_token . ':X'); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); From da034d95c8a9b57dac50a572b2a46cc780ee2b88 Mon Sep 17 00:00:00 2001 From: Ashok Argent-Katwala Date: Tue, 24 Apr 2012 16:59:24 -0400 Subject: [PATCH 2/5] Revert "Avoid disabling SSL certificate verification." This reverts commit 43d5f421cb9ab38dc8ea88a00775cf738e611b0a. --- lib/FreshBooksRequest.php | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/FreshBooksRequest.php b/lib/FreshBooksRequest.php index 2b10e2d..2d15962 100644 --- a/lib/FreshBooksRequest.php +++ b/lib/FreshBooksRequest.php @@ -163,6 +163,7 @@ public function request() curl_setopt($ch, CURLOPT_TIMEOUT, 40); // times out after 40s curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); // add POST fields curl_setopt($ch, CURLOPT_USERPWD, self::$_token . ':X'); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); From 8c5131eff831505abd5f92da34aee46cdd021b5f Mon Sep 17 00:00:00 2001 From: ashokak Date: Tue, 24 Apr 2012 17:52:40 -0300 Subject: [PATCH 3/5] Perform SSL verification by default, but provide a method to disable it. --- lib/FreshBooksRequest.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/FreshBooksRequest.php b/lib/FreshBooksRequest.php index 2d15962..849d0e5 100644 --- a/lib/FreshBooksRequest.php +++ b/lib/FreshBooksRequest.php @@ -67,6 +67,12 @@ public static function init($domain, $token) { self::$_domain = $domain; self::$_token = $token; + self::$_disable_ssl_verification = false; + } + + public static function disableSSLVerification() + { + self::$_disable_ssl_verification = true; } /* @@ -163,7 +169,9 @@ public function request() curl_setopt($ch, CURLOPT_TIMEOUT, 40); // times out after 40s curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); // add POST fields curl_setopt($ch, CURLOPT_USERPWD, self::$_token . ':X'); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); + if (self::$_disable_ssl_verification) { + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); + } $result = curl_exec($ch); From 462644ff68f0235316ba4aaee0482c63a3bd3cea Mon Sep 17 00:00:00 2001 From: Ashok Argent-Katwala Date: Tue, 24 Apr 2012 17:03:01 -0400 Subject: [PATCH 4/5] Fix up dodgy whitespace. --- lib/FreshBooksRequest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/FreshBooksRequest.php b/lib/FreshBooksRequest.php index 849d0e5..1827b54 100644 --- a/lib/FreshBooksRequest.php +++ b/lib/FreshBooksRequest.php @@ -69,7 +69,7 @@ public static function init($domain, $token) self::$_token = $token; self::$_disable_ssl_verification = false; } - + public static function disableSSLVerification() { self::$_disable_ssl_verification = true; From 3e622ac8bfb6f7e7e2bfcba76b436f3543c6784f Mon Sep 17 00:00:00 2001 From: Ashok Argent-Katwala Date: Tue, 24 Apr 2012 17:09:37 -0400 Subject: [PATCH 5/5] Add documenting comment for the consequences of disabling SSL verification. --- lib/FreshBooksRequest.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/lib/FreshBooksRequest.php b/lib/FreshBooksRequest.php index 1827b54..c55c855 100644 --- a/lib/FreshBooksRequest.php +++ b/lib/FreshBooksRequest.php @@ -70,6 +70,18 @@ public static function init($domain, $token) self::$_disable_ssl_verification = false; } + /* + * Turn off SSL peer verification. + * + * You may need to do this if your curl installation does not have + * the proper certificate authority information. + * + * If possible, fix your curl configuration instead as with this + * option set, intermediaries will be able to pretend to be + * FreshBooks. + * + * @return null + */ public static function disableSSLVerification() { self::$_disable_ssl_verification = true;