Merge pull request #114 from cvette/feat/cv-tls-options

kdambekalns · web-flow · commit a215a9365f44 · 2025-03-14T20:20:00.000+01:00
feat: add SSL configuration options
diff --git a/Classes/Transfer/RequestService.php b/Classes/Transfer/RequestService.php
@@ -69,6 +69,23 @@ public function initializeObject()
         $requestEngine->setOption(CURLOPT_TIMEOUT, $this->settings['transfer']['connectionTimeout']);
         $requestEngine->setOption(CURLOPT_SSL_VERIFYPEER, $this->settings['transfer']['sslVerifyPeer'] ?? true ? 2 : 0);
         $requestEngine->setOption(CURLOPT_SSL_VERIFYHOST, $this->settings['transfer']['sslVerifyHost'] ?? true ? 2 : 0);
+
+        if (!empty($this->settings['transfer']['sslCaInfo'])) {
+            $requestEngine->setOption(CURLOPT_CAINFO, $this->settings['transfer']['sslCaInfo']);
+        }
+
+        if (!empty($this->settings['transfer']['sslKey'])) {
+            $requestEngine->setOption(CURLOPT_SSLKEY, $this->settings['transfer']['sslKey']);
+        }
+
+        if (!empty($this->settings['transfer']['sslCert'])) {
+            $requestEngine->setOption(CURLOPT_SSLCERT, $this->settings['transfer']['sslCert']);
+        }
+
+        if (!empty($this->settings['transfer']['sslKeyPasswd'])) {
+            $requestEngine->setOption(CURLOPT_SSLKEYPASSWD, $this->settings['transfer']['sslKeyPasswd']);
+        }
+
         $this->browser->setRequestEngine($requestEngine);
     }
 
diff --git a/Configuration/Settings.yaml b/Configuration/Settings.yaml
@@ -15,6 +15,10 @@ Flowpack:
       connectionTimeout: 60
       sslVerifyPeer: true
       sslVerifyHost: true
+      sslCaInfo: ''
+      sslCert: ''
+      sslKey: ''
+      sslKeyPasswd: ''
 Neos:
   Flow:
     persistence:
diff --git a/Documentation/Index.rst b/Documentation/Index.rst
@@ -47,6 +47,23 @@ and password in your client settings::
 	          username: john
 	          password: mysecretpassword
 
+The following options are available to configure TLS connections. These correspond to the options provided by cURL::
+
+    sslVerifyHost: true
+    sslVerifyPeer: true
+
+    # CA certificate to verify the peer with
+    sslCaInfo: './root-ca.pem'
+
+    # file containing the private SSL key
+    sslKey: './client-key.pem'
+
+    # file containing the PEM formatted certificate
+    sslCert: './client.pem'
+
+    # password needed for the private SSL key
+    sslKeyPasswd: 'some-password'
+
 Running the Functional Tests
 ============================
 
