Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL Verify Peer #1053

Merged
merged 5 commits into from
Sep 19, 2016
Merged

SSL Verify Peer #1053

merged 5 commits into from
Sep 19, 2016

Conversation

w00fz
Copy link
Member

@w00fz w00fz commented Sep 19, 2016

Overview

In some occasions we've noticed people unable to connect to GPM. After further investigations it turns out that on some systems (Windows only has been confirmed so far), the SSL certificate cannot be verified, causing GPM to fail (references: #1044, #1008 and potentially #850).
The to go solution is to disable the peer verification from cURL and fopen.

Purpose

This PR adds 2 new optional system config: system.gpm.verify_peer (default: true) and system.gpm.method (default: auto).

system.gpm.verify_peer

When enabled, the SSL certificate gets verified by either fopen or cURL methods. If disabled the checks is skipped (this is not advised but might be the only viable solution for some people)

system.gpm.method

By default is set to auto. Auto automatically tests if the fopen mechanism is available and if it is gets used. Otherwise it tries to see if cURL is available and if it is use that instead.

Usually auto works fine but there might be some instances where some might want to force either methods. This new setting will allow to do so.

Notes

  • As long as the changes reported above, this PR also makes some code rearrangement for the Proxy, it should just work the same but might be good to get this reviewed/tested.
  • This PR also introduces settings for Admin, new lang have been added with getgrav/grav-plugin-admin@0a2b1d7.

rhukster
rhukster approved these changes Sep 19, 2016
View reviewed changes
Copy link
Member

@rhukster rhukster left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me!

@w00fz w00fz mentioned this pull request Sep 19, 2016
Closed
@w00fz w00fz merged commit afc7963 into develop Sep 19, 2016
@w00fz w00fz mentioned this pull request Sep 23, 2016
Closed
@w00fz
Copy link
Member Author

w00fz commented Sep 23, 2016

Missing code ref. c4f71c9

@flaviocopes flaviocopes mentioned this pull request Oct 3, 2016
Closed
@rhukster rhukster deleted the feature/ssl-verify-peer branch February 10, 2017 19:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rhukster rhukster rhukster approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@w00fz @rhukster