Validate Twitter SSL certificate for oauth2/token method

mynetx · mynetx · commit 753d457db5cf · 2013-06-22T12:21:17.000+02:00
diff --git a/CHANGELOG b/CHANGELOG
@@ -3,6 +3,7 @@ codebird-php - changelog
 
 2.4.1 (not yet released)
 + #26 Stringify null and boolean parameters
++ Validate Twitter SSL certificate for oauth2/token method
 
 2.4.0 (2013-06-15)
 + Add contributing guidelines
diff --git a/src/codebird.php b/src/codebird.php
@@ -363,13 +363,32 @@ public function oauth2_token()
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
         curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
         curl_setopt($ch, CURLOPT_HEADER, 1);
-        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
-        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
+        curl_setopt($ch, CURLOPT_CAINFO, __DIR__ . '/cacert.pem');
+
         curl_setopt($ch, CURLOPT_USERPWD, self::$_oauth_consumer_key . ':' . self::$_oauth_consumer_secret);
         curl_setopt($ch, CURLOPT_HTTPHEADER, array(
             'Expect:'
         ));
-        $reply      = curl_exec($ch);
+        $reply = curl_exec($ch);
+
+        // certificate validation results
+        $validation_result = curl_errno($ch);
+        if (in_array(
+                $validation_result,
+                array(
+                    CURLE_SSL_CERTPROBLEM,
+                    CURLE_SSL_CACERT,
+                    CURLE_SSL_CACERT_BADFILE,
+                    CURLE_SSL_CRL_BADFILE,
+                    CURLE_SSL_ISSUER_ERROR
+                )
+            )
+        ) {
+            throw new \Exception('Error ' . $validation_result . ' while validating the Twitter API certificate.');
+        }
+
         $httpstatus = curl_getinfo($ch, CURLINFO_HTTP_CODE);
         $reply = $this->_parseApiReply('oauth2/token', $reply);
         switch ($this->_return_format) {
