Page MenuHomePhorge
Create Task
Maniphest T221

Make Payment API HTTP Options configurable
Closed, ResolvedPublic3 Story Points
Actions

Description

The #HKCCP should allow for setting HTTP options for connections to payment providers such as

  • ssl_verify_peer
  • ssl_verify_host

in order to verify the SSL certificates presented by the contacted payment server and to prevent MITM attacks on payment transactions.

Details

Ticket Type
Task

Event Timeline

grote created this task.May 13 2015, 4:46 AM
grote raised the priority of this task from to 60.
grote updated the task description. (Show Details)
grote added projects: Product Owners, Restricted Project, Architecture & Design.
grote changed Ticket Type from Task to Task.
grote added subscribers: grote, bruederli.
bruederli added a comment.May 13 2015, 9:04 AM

Basically all options one can pass to the HTTP_Request2 constructor should be configurable, including

  • adapter
  • ssl_cafile
  • ssl_capath
  • ssl_local_cert
  • timeout
  • connect_timeout

The options could be set as a hash value in the payment provider config section:

[payment "paypal"]
provider = paypal
...
httpopts = { ssl_verify_peer=1, ssl_verify_host=1 }
grote moved this task from Incoming to In Sprint on the Product Owners board.May 26 2015, 7:12 AM
vanmeeuwen added subscribers: petersen, vanmeeuwen.Jun 11 2015, 9:32 AM
In T221#2797, @bruederli wrote:

Basically all options one can pass to the HTTP_Request2 constructor should be configurable, including

You mean, they should already be configurable (current codebase?).

If so, @grote, this becomes an ops item (different Phabricator via @petersen for the moment).

bruederli added a comment.Jun 11 2015, 11:34 AM
In T221#5523, @vanmeeuwen wrote:
In T221#2797, @bruederli wrote:

Basically all options one can pass to the HTTP_Request2 constructor should be configurable, including

You mean, they should already be configurable (current codebase?).

Nope, this should read "shall be configurable" after the small implementation work this ticket is intended for.

vanmeeuwen edited projects, added Restricted Project; removed Architecture & Design.Jun 11 2015, 11:52 AM
grote raised the priority of this task from 60 to High.Jun 15 2015, 4:11 PM
machniak claimed this task.Jun 25 2015, 9:59 AM
machniak edited a custom field.
machniak moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jun 25 2015, 1:25 PM
machniak closed this task as Resolved.Jun 25 2015, 2:11 PM

Implemented and should work for all except Stripe which has its own HTTP communication implementation.

machniak moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jun 25 2015, 2:11 PM