diff --git a/config.php.in b/config.php.in
index 020769dd..94aed8ca 100644
--- a/config.php.in
+++ b/config.php.in
@@ -226,6 +226,7 @@ $config['TSA_URL'] = '';
 $config['TSA_PUBLIC_KEY_FILE'] = '';
 $config['TSA_START_ID'] = 1;
 $config['TSA_STAMP_REQUEST_UNIT_SIZE'] = 10000;
+$config['TSA_VERIFY_CERTIFICATE'] = true;
 $config['DB_DRIVER'] = 'mysql';
 $config['DB_PREFIX'] = '';
diff --git a/util/sign.php b/util/sign.php
index 37a508fb..2903121f 100644
--- a/util/sign.php
+++ b/util/sign.php
@@ -82,9 +82,12 @@ if(MODE == 'time' && $data[COUNT] < 1) {
 exit;
 }
-$requestfile_path = TrustedTimestamps::createRequestfile($data[HASH_VALUE]);
-
-$response = TrustedTimestamps::signRequestfile($requestfile_path, TSA_URL);
+try {
+ $requestfile_path = TrustedTimestamps::createRequestfile($data[HASH_VALUE]);
+ $response = TrustedTimestamps::signRequestfile($requestfile_path, TSA_URL);
+} catch(Exception $e) {
+ die("Error: " . $e->getMessage() . "\n");
+}
 $data[RESPONSE_STRING] = $response[RESPONSE_STRING];
 $data[RESPONSE_TIME] = $response[RESPONSE_TIME];
diff --git a/webui/system/helper/TrustedTimestamps.php b/webui/system/helper/TrustedTimestamps.php
index 5a218e9f..9dc702e5 100644
--- a/webui/system/helper/TrustedTimestamps.php
+++ b/webui/system/helper/TrustedTimestamps.php
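Review bot: The new `TSA_VERIFY_CERTIFICATE` key in config.php.in has no comment, although it is the switch passed to `CURLOPT_SSL_VERIFYPEER` for the TSA request in TrustedTimestamps.php. I would add a line above it such as `// false disables TLS certificate verification for requests to TSA_URL; keep true unless the TSA certificate cannot be validated`. The default of `true` is the safe one and should stay.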
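Review bot: In util/sign.php the new catch block ends with `die("Error: " . $e->getMessage() . "\n");`, which prints the message to standard output and exits with status 0, so a cron job or wrapper cannot tell a failed timestamp request from a successful run. Assuming this script is run from the command line, use `fwrite(STDERR, "Error: " . $e->getMessage() . "\n");` followed by `exit(1);` so that monitoring can alert on missed timestamps. The rest of the script lies outside the hunk.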
@@ -69,12 +69,17 @@ class TrustedTimestamps
 curl_setopt($ch, CURLOPT_POSTFIELDS, file_get_contents($requestfile_path));
 curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/timestamp-query'));
 curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TSA_VERIFY_CERTIFICATE);
+ $binary_response_string = curl_exec($ch);
+
+ $error = curl_error($ch);
 $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+ curl_close($ch);
 if ($status != 200 || !strlen($binary_response_string))
- throw new Exception("The request failed");
+ throw new Exception("The request failed. Status: $status, error: $error");
 $base64_response_string = base64_encode($binary_response_string);
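Review bot: The added `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TSA_VERIFY_CERTIFICATE);` reads the constant unconditionally, so an installation whose config.php predates this commit has no such constant (assuming the constants are generated from `$config`). PHP 7 then falls back to the non-empty string with a warning, while PHP 8 throws an `Error`, which the `catch(Exception $e)` added in util/sign.php does not catch. An explicit fallback keeps the safe default: `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, defined('TSA_VERIFY_CERTIFICATE') ? (bool) TSA_VERIFY_CERTIFICATE : true);`. When the option is false the response comes from an unauthenticated peer, so a comment here should state that it must still be validated against `TSA_PUBLIC_KEY_FILE`; that check is not visible in this hunk. The enclosing method starts and ends outside the hunk.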