Fix how value of cURL's CURLOPT_SSL_VERIFYHOST is determined (#46)

slapo · web-flow · commit 2f253f9bb6c1 · 2023-02-24T22:46:16.000+09:00
* Reducing code duplication by utilising an existing method for setting cURL options in JiraClient.

* Adding and using a new method to determine the actual value to use when setting 'CURLOPT_SSL_VERIFYHOST' to fix PHP notices about trying to set it to an invalid value.
diff --git a/src/Configuration/AbstractConfiguration.php b/src/Configuration/AbstractConfiguration.php
@@ -161,6 +161,15 @@ public function getCurlOptUserAgent(): ?string
         return $this->curlOptUserAgent;
     }
 
+    public function getCurlOptSslVerifyHostValue(): int
+    {
+        return [
+            false => 0,
+            // See https://www.php.net/manual/en/function.curl-setopt.php for information why 2 needs to be here.
+            true => 2,
+        ][$this->isCurlOptSslVerifyHost()];
+    }
+
     public function getOAuthAccessToken(): string
     {
         return $this->oauthAccessToken;
diff --git a/src/Configuration/ConfigurationInterface.php b/src/Configuration/ConfigurationInterface.php
@@ -65,6 +65,11 @@ public function isCurlOptVerbose(): bool;
      */
     public function getCurlOptUserAgent(): ?string;
 
+    /**
+     * Get the actual value for Curl's CURLOPT_SSL_VERIFYHOST.
+     */
+    public function getCurlOptSslVerifyHostValue(): int;
+
     /**
      * HTTP header 'Authorization: Bearer {token}' for OAuth.
      */
diff --git a/src/JiraClient.php b/src/JiraClient.php
@@ -132,7 +132,7 @@ public function curlPrepare(\CurlHandle|bool $ch, array $curl_http_headers, ?str
     {
         $this->authorization($ch, $curl_http_headers, $cookieFile);
 
-        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $this->getConfiguration()->isCurlOptSslVerifyHost());
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $this->getConfiguration()->getCurlOptSslVerifyHostValue());
         curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $this->getConfiguration()->isCurlOptSslVerifyPeer());
         if ($this->getConfiguration()->isCurlOptSslCert()) {
             curl_setopt($ch, CURLOPT_SSLCERT, $this->getConfiguration()->isCurlOptSslCert());
@@ -327,26 +327,7 @@ private function createUploadHandle(string $url, string $upload_file, \CurlHandl
             $this->log->debug('using CURLFile='.var_export($attachments, true));
         }
 
-        $this->authorization($ch, $curl_http_headers);
-
-        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $this->getConfiguration()->isCurlOptSslVerifyHost());
-        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $this->getConfiguration()->isCurlOptSslVerifyPeer());
-
-        if ($this->getConfiguration()->isCurlOptSslCert()) {
-            curl_setopt($ch, CURLOPT_SSLCERT, $this->getConfiguration()->isCurlOptSslCert());
-        }
-        if ($this->getConfiguration()->isCurlOptSslCertPassword()) {
-            curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $this->getConfiguration()->isCurlOptSslCertPassword());
-        }
-        if ($this->getConfiguration()->isCurlOptSslKey()) {
-            curl_setopt($ch, CURLOPT_SSLKEY, $this->getConfiguration()->isCurlOptSslKey());
-        }
-        if ($this->getConfiguration()->isCurlOptSslKeyPassword()) {
-            curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $this->getConfiguration()->isCurlOptSslKeyPassword());
-        }
-        if ($this->getConfiguration()->getTimeout()) {
-            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $this->getConfiguration()->getTimeout());
-        }
+        $curl_http_headers = $this->curlPrepare($ch, $curl_http_headers);
 
         $this->proxyConfigCurlHandle($ch);
 
diff --git a/tests/Curl/SslVerifyHostTest.php b/tests/Curl/SslVerifyHostTest.php
@@ -0,0 +1,96 @@
+<?php
+
+namespace JiraCloud\Test\Curl;
+
+use JiraCloud\Configuration\{
+    AbstractConfiguration,
+    ConfigurationInterface,
+};
+use PHPUnit\Framework\TestCase;
+
+class SslVerifyHostTest extends TestCase
+{
+    /**
+     * @dataProvider sslVerifyHostGetterDataSource
+     */
+    public function testSslVerifyHostGetter(bool $curlOptSslVerifyHost, int $expectedResult): void
+    {
+        $this->assertEquals(
+            $expectedResult,
+            $this->getTestedInstance($curlOptSslVerifyHost)->getCurlOptSslVerifyHostValue()
+        );
+    }
+
+    public function sslVerifyHostGetterDataSource(): array
+    {
+        return [
+            'turned off' => [
+                'curlOptSslVerifyHost' => false,
+                'expectedResult' => 0,
+            ],
+            'turned on' => [
+                'curlOptSslVerifyHost' => true,
+                'expectedResult' => 2,
+            ],
+        ];
+    }
+
+    /**
+     * @dataProvider setterSanityDataSource
+     */
+    public function testSetterSanity(int $curlOptSslVerifyHostValue, bool $expectError): void
+    {
+        $errorTriggered = false;
+
+        $noticeHandler = function (
+            int $number,
+            string $message,
+            string $file,
+            int $line
+        ) use (&$errorTriggered): bool {
+            $errorTriggered = true;
+
+            return true;
+        };
+
+        set_error_handler($noticeHandler, E_NOTICE);
+
+        // Note that the host isn't really important here.
+        $curlResource = curl_init("https://localhost/");
+        curl_setopt($curlResource, CURLOPT_SSL_VERIFYHOST, $curlOptSslVerifyHostValue);
+        curl_close($curlResource);
+
+        $this->assertEquals($expectError, $errorTriggered);
+
+        restore_error_handler();
+    }
+
+    public function setterSanityDataSource(): array
+    {
+        return [
+            'turned off' => [
+                'curlOptSslVerifyHostValue' => 0,
+                'expectError' => false,
+            ],
+            'turned on' => [
+                'curlOptSslVerifyHostValue' => 2,
+                'expectError' => false,
+            ],
+            'using old "on" value' => [
+                'curlOptSslVerifyHostValue' => 1,
+                'expectError' => true,
+            ],
+        ];
+    }
+
+    protected function getTestedInstance(bool $curlOptSslVerifyHost): ConfigurationInterface
+    {
+        return new class ($curlOptSslVerifyHost) extends AbstractConfiguration
+        {
+            public function __construct(bool $curlOptSslVerifyHost)
+            {
+                $this->curlOptSslVerifyHost = $curlOptSslVerifyHost;
+            }
+        };
+    }
+}
