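/**
 * Checks that a CA file can be read and that its contents parse as an X.509 certificate.
 *
 * This is a well-formedness check only: a true result means openssl_x509_parse()
 * accepted the contents. It says nothing about whether the certificate is trusted,
 * unexpired, or appropriate as a trust anchor.
 *
 * The outcome is memoised per $filename string in a function-static array, so a
 * file that changes on disk after the first call is not checked again within the
 * same process.
 *
 * @param string $filename path of the CA file to check
 *
 * @return bool true if the file was accepted, false otherwise
 */
private function validateCaFile($filename)
{
    static $files = array();

    if (isset($files[$filename])) {
        return $files[$filename];
    }

    $this->io->writeError('Checking CA file ' . realpath($filename), true, IOInterface::DEBUG);
    $contents = file_get_contents($filename);

    // Fail-open by design: on a PHP build affected by CVE-2013-6420 the parser itself
    // is unsafe (memory corruption in openssl_x509_parse), so the contents are NOT
    // parsed and any non-empty file is accepted after warning the user.
    // https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html
    if (!TlsHelper::isOpensslParseSafe()) {
        $this->io->writeError(sprintf('<error>Your version of PHP, %s, is affected by CVE-2013-6420 and cannot safely perform certificate validation, we strongly suggest you upgrade.</error>', PHP_VERSION));

        return $files[$filename] = !empty($contents);
    }

    // file_get_contents() returns false when the file cannot be read. Reject that
    // (and an empty file) explicitly instead of handing a non-string to the parser.
    if (!is_string($contents) || $contents === '') {
        return $files[$filename] = false;
    }

    // NOTE(review): presumably only the first certificate of a bundle is examined
    // here; confirm before relying on this for multi-certificate CA files.
    return $files[$filename] = (bool) openssl_x509_parse($contents);
}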