__ __ __ __ _____ _ _ _____ _ _ _ | \/ | \ \ / / | __ \ (_) | | / ____| | | | | | \ / |_ __\ V / | |__) | __ ___ ____ _| |_ ___ | (___ | |__ ___| | | | |\/| | '__|> < | ___/ '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \ | | | | | | |_ / . \ | | | | | |\ V / (_| | || __/ ____) | | | | __/ | | |_| |_|_(_)_/ \_\ |_| |_| |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1 if you need WebShell for Seo everyday contact me on Telegram Telegram Address : @jackleetFor_More_Tools:
<?php
namespace Dropbox;
/**
* Call the <code>test()</code> method.
*/
class SSLTester
{
/**
* Peforms a few basic tests of your PHP installation's SSL implementation to see
* if it insecure in an obvious way. Results are written with "echo" and the output
* is HTML-safe.
*
* @return bool
* Returns <code>true</code> if all the tests passed.
*/
static function test()
{
$hostOs = php_uname('s').' '.php_uname('r');
$phpVersion = phpversion();
$curlVersionInfo = \curl_version();
$curlVersion = $curlVersionInfo['version'];
$curlSslBackend = $curlVersionInfo['ssl_version'];
echo "-----------------------------------------------------------------------------\n";
echo "Testing your PHP installation's SSL implementation for a few obvious problems...\n";
echo "-----------------------------------------------------------------------------\n";
echo "- Host OS: $hostOs\n";
echo "- PHP version: $phpVersion\n";
echo "- cURL version: $curlVersion\n";
echo "- cURL SSL backend: $curlSslBackend\n";
echo "Basic SSL tests\n";
$basicFailures = self::testMulti(array(
array("www.dropbox.com", 'testAllowed'),
array("www.digicert.com", 'testAllowed'),
array("www.v.dropbox.com", 'testHostnameMismatch'),
array("testssl-expire.disig.sk", 'testUntrustedCert'),
));
echo "Pinned certificate tests\n";
$pinnedCertFailures = self::testMulti(array(
array("www.verisign.com", 'testUntrustedCert'),
array("www.globalsign.fr", 'testUntrustedCert'),
));
if ($basicFailures) {
echo "-----------------------------------------------------------------------------\n";
echo "WARNING: Your PHP installation's SSL support is COMPLETELY INSECURE.\n";
echo "Your app's communication with the Dropbox API servers can be viewed and\n";
echo "manipulated by others. Try upgrading your version of PHP.\n";
echo "-----------------------------------------------------------------------------\n";
return false;
}
else if ($pinnedCertFailures) {
echo "-----------------------------------------------------------------------------\n";
echo "WARNING: Your PHP installation's cURL module doesn't support SSL certificate\n";
echo "pinning, which is an important security feature of the Dropbox SDK.\n";
echo "\n";
echo "This SDK uses CURLOPT_CAINFO and CURLOPT_CAPATH to tell PHP cURL to only trust\n";
echo "our custom certificate list. But your PHP installation's cURL module seems to\n";
echo "trust certificates that aren't on that list.\n";
echo "\n";
echo "More information on SSL certificate pinning:\n";
echo "https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#What_Is_Pinning.3F\n";
echo "-----------------------------------------------------------------------------\n";
return false;
}
else {
return true;
}
}
private static function testMulti($tests)
{
$anyFailed = false;
foreach ($tests as $test) {
list($host, $testType) = $test;
echo " - ".str_pad("$testType ($host) ", 50, ".");
$url = "https://$host/";
$passed = self::$testType($url);
if ($passed) {
echo " ok\n";
} else {
echo " FAILED\n";
$anyFailed = true;
}
}
return $anyFailed;
}
private static function testAllowed($url)
{
$curl = RequestUtil::mkCurl("test-ssl", $url);
$curl->set(CURLOPT_RETURNTRANSFER, true);
$curl->exec();
return true;
}
private static function testUntrustedCert($url)
{
return self::testDisallowed($url, 'Error executing HTTP request: SSL certificate problem, verify that the CA cert is OK');
}
private static function testHostnameMismatch($url)
{
return self::testDisallowed($url, 'Error executing HTTP request: SSL certificate problem: Invalid certificate chain');
}
private static function testDisallowed($url, $expectedExceptionMessage)
{
$curl = RequestUtil::mkCurl("test-ssl", $url);
$curl->set(CURLOPT_RETURNTRANSFER, true);
try {
$curl->exec();
}
catch (Exception_NetworkIO $ex) {
if (strpos($ex->getMessage(), $expectedExceptionMessage) == 0) {
return true;
} else {
throw $ex;
}
}
return false;
}
}
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| Exception | Folder | 0755 |
|
|
| WebAuthException | Folder | 0755 |
|
|
| certs | Folder | 0755 |
|
|
| AppInfo.php | File | 7.07 KB | 0644 |
|
| AppInfoLoadException.php | File | 326 B | 0644 |
|
| ArrayEntryStore.php | File | 1.13 KB | 0644 |
|
| AuthBase.php | File | 2.52 KB | 0644 |
|
| AuthInfo.php | File | 2.64 KB | 0644 |
|
| AuthInfoLoadException.php | File | 328 B | 0644 |
|
| Checker.php | File | 3.22 KB | 0644 |
|
| Client.php | File | 59.93 KB | 0644 |
|
| Curl.php | File | 4 KB | 0644 |
|
| CurlStreamRelay.php | File | 1.04 KB | 0644 |
|
| DeserializeException.php | File | 389 B | 0644 |
|
| DropboxMetadataHeaderCatcher.php | File | 1.93 KB | 0644 |
|
| Exception.php | File | 265 B | 0644 |
|
| Host.php | File | 2.65 KB | 0644 |
|
| HttpResponse.php | File | 246 B | 0644 |
|
| OAuth1AccessToken.php | File | 1.44 KB | 0644 |
|
| OAuth1Upgrader.php | File | 5.26 KB | 0644 |
|
| Path.php | File | 5.36 KB | 0644 |
|
| RequestUtil.php | File | 11.34 KB | 0644 |
|
| RootCertificates.php | File | 4.89 KB | 0644 |
|
| SSLTester.php | File | 4.74 KB | 0644 |
|
| Security.php | File | 2.08 KB | 0644 |
|
| StreamReadException.php | File | 316 B | 0644 |
|
| Util.php | File | 799 B | 0644 |
|
| ValueStore.php | File | 1.28 KB | 0644 |
|
| WebAuth.php | File | 10.23 KB | 0644 |
|
| WebAuthBase.php | File | 4.61 KB | 0644 |
|
| WebAuthNoRedirect.php | File | 2.95 KB | 0644 |
|
| WriteMode.php | File | 3.66 KB | 0644 |
|
| autoload.php | File | 844 B | 0644 |
|
| strict.php | File | 538 B | 0644 |
|