[geeklog-devel] Oauth Login and open_basedir

Tom websitemaster at cogeco.net
Thu Nov 21 17:18:06 EST 2013 

Hi Yuji,

Thanks for pointing that out and actually that was one of the things on my
list to review. I highly doubt it will make it into this version of Geeklog
as my time has become pretty limited for the next few months. It sounds like
you know a fair bit about it. Can you add in a feature report for it in our
Geeklog Bugtracker and if you are willing/able/have the time submit a patch?

The other thing that needs fixing with OAuth logins is the profile pictures.
They currently do not follow Geeklogs settings in the config (and the Google
Plus pictures can get pretting big).

Tom

-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net
[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Yuji Tsuchida
Sent: November-21-13 7:26 AM
To: Geeklog Development
Subject: Re: [geeklog-devel] Oauth Login and open_basedir

I have one question.

Why you set 'ssl_verify_peer' => false and 'ssl_verify_host'   => false?

I think it is not safety(ex. DNS spoofing), and you might want to
'ssl_verify_peer' =>  true and 'ssl_cafile' => '/somewhere/ca-bundle.crt'
(or 'ssl_capath' => '/etc/ssl/certs/')

You can get ca-bundle.crt from http://curl.haxx.se/ca/.

#wget http://curl.haxx.se/ca/cacert.pem  -O ca-bundle.crt

And  Wordpress(>ver3.7) with ca-bundle.crt in it.

Geeklog is secure?


2013/11/19 Tom <websitemaster at cogeco.net>:
> Yeah as soon as I wrote that I realized my mistake. No I don't use a
proxy.
> I am going to have to step through the code again and figure out the
issue.
> I am not sure what happen as it was working fine a couple of weeks ago.
>
> Tom
>
> -----Original Message-----
> From: geeklog-devel-bounces at lists.geeklog.net
> [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Kenji 
> ITO
> Sent: November-19-13 6:46 AM
> To: Geeklog Development
> Subject: Re: [geeklog-devel] Oauth Login and open_basedir
>
> Tom wrote:
>
>> I may have spoken to soon.  Google Oauth login is not working at the 
>> moment.
>> HTTP_Request2_Adapter_Socket should be able to handle https requests 
>> right?
>
> It should be, since Facebook Oauth login, which also requires https, 
> works well.
>
> Do you happen to use proxies without setting proxy configurations?[1]
>
> [1] 
> http://pear.php.net/manual/en/package.http.http-request2.config.php
> --
> mystral-kk (Kenji ITO)
>
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://eight.pairlist.net/mailman/listinfo/geeklog-devel

More information about the geeklog-devel mailing list