Merge branch 'cacert' into 2.4

app/Lib/Tools/SyncTool.php

@@ -6,7 +6,6 @@ class SyncTool
     public function setupHttpSocket($server = null)
     {
         $params = array();
-        App::uses('HttpSocket', 'Network/Http');
         if (!empty($server)) {
             if ($server['Server']['cert_file']) {
                 $params['ssl_cafile'] = APP . "files" . DS . "certs" . DS . $server['Server']['id'] . '.pem';
@@ -22,20 +21,33 @@ class SyncTool
                 }
             }
         }
-        $HttpSocket = new HttpSocket($params);
-        if (empty($server['Server']['skip_proxy'])) {
-            $proxy = Configure::read('Proxy');
-            if (isset($proxy['host']) && !empty($proxy['host'])) {
-                $HttpSocket->configProxy($proxy['host'], $proxy['port'], $proxy['method'], $proxy['user'], $proxy['password']);
-            }
-        }
-        return $HttpSocket;
+
+        return $this->createHttpSocket($params);
     }
 
     public function setupHttpSocketFeed($feed = null)
     {
+        return $this->setupHttpSocket();
+    }
+
+    /**
+     * @param array $params
+     * @return HttpSocket
+     * @throws Exception
+     */
+    private function createHttpSocket($params = array())
+    {
+        // Use own CA PEM file
+        $caPath = Configure::read('MISP.ca_path');
+        if (!isset($params['ssl_cafile']) && $caPath) {
+            if (!file_exists($caPath)) {
+                throw new Exception("CA file '$caPath' doesn't exists.");
+            }
+            $params['ssl_cafile'] = $caPath;
+        }
+
         App::uses('HttpSocket', 'Network/Http');
-        $HttpSocket = new HttpSocket();
+        $HttpSocket = new HttpSocket($params);
         $proxy = Configure::read('Proxy');
         if (isset($proxy['host']) && !empty($proxy['host'])) {
             $HttpSocket->configProxy($proxy['host'], $proxy['port'], $proxy['method'], $proxy['user'], $proxy['password']);

app/Model/Server.php

@@ -217,6 +217,16 @@ class Server extends AppModel
                                 'type' => 'string',
                                 'cli_only' => 1
                         ),
+                        'ca_path' => array(
+                                'level' => 1,
+                                'description' => __('MISP will default to the bundled mozilla certificate bundle shipped with the framework, which is rather stale. If you wish to use an alternate bundle, just set this setting using the path to the bundle to use. This setting can only be modified via the CLI.'),
+                                'value' => APP . 'Lib/cakephp/lib/Cake/Config/cacert.pem',
+                                'errorMessage' => '',
+                                'null' => true,
+                                'test' => 'testForCABundle',
+                                'type' => 'string',
+                                'cli_only' => 1
+                        ),
                         'disable_auto_logout' => array(
                                 'level' => 1,
                                 'description' => __('In some cases, a heavily used MISP instance can generate unwanted blackhole errors due to a high number of requests hitting the server. Disable the auto logout functionality to ease the burden on the system.'),
@@ -3381,6 +3391,17 @@ class Server extends AppModel
         return $this->__testForFile($value, APP . 'files' . DS . 'terms');
     }
 
+    public function testForCABundle($value)
+    {
+        $file = new File($value);
+        if (!$file->exists()) {
+            return __('Invalid file path or file not accessible.');
+        }
+        if ($file->ext() !== 'pem') {
+            return __('File has to be in .pem format.');
+        }
+    }
+
     public function testForStyleFile($value)
     {
         if (empty($value)) {