(stable) Promote 2020 Week 19

src/future/http/HTTPSFuture.php

@@ -27,6 +27,8 @@ final class HTTPSFuture extends BaseHTTPFuture {
   private $parser;
   private $progressSink;
 
+  private $curlOptions = array();
+
   /**
    * Create a temp file containing an SSL cert, and use it for this session.
    *
@@ -164,6 +166,22 @@ final class HTTPSFuture extends BaseHTTPFuture {
     return $this->progressSink;
   }
 
+  /**
+   * See T13533. This supports an install-specific Kerberos workflow.
+   */
+  public function addCURLOption($option_key, $option_value) {
+    if (!is_scalar($option_key)) {
+      throw new Exception(
+        pht(
+          'Expected option key passed to "addCurlOption(<key>, ...)" to be '.
+          'a scalar, got "%s".',
+          phutil_describe_type($option_key)));
+    }
+
+    $this->curlOptions[] = array($option_key, $option_value);
+    return $this;
+  }
+
   /**
    * Attach a file to the request.
    *
@@ -409,6 +427,24 @@ final class HTTPSFuture extends BaseHTTPFuture {
         curl_setopt($curl, CURLOPT_PROXY, (string)$proxy);
       }
 
+      foreach ($this->curlOptions as $curl_option) {
+        list($curl_key, $curl_value) = $curl_option;
+        try {
+          $ok = curl_setopt($curl, $curl_key, $curl_value);
+          if (!$ok) {
+            throw new Exception(
+              pht(
+                'Call to "curl_setopt(...)" returned "false".'));
+          }
+        } catch (Exception $ex) {
+          throw new PhutilProxyException(
+            pht(
+              'Call to "curl_setopt(...) failed for option key "%s".',
+              $curl_key),
+            $ex);
+        }
+      }
+
       if ($is_download) {
         $this->downloadHandle = @fopen($this->downloadPath, 'wb+');
         if (!$this->downloadHandle) {

src/future/http/status/HTTPFutureCURLResponseStatus.php

@@ -43,7 +43,7 @@ final class HTTPFutureCURLResponseStatus extends HTTPFutureResponseStatus {
         'negotiating the SSL connection. This usually indicates that you are '.
         'using a self-signed certificate but have not added your CA to the '.
         'CA bundle. See instructions in "%s".',
-        'libphutil/resources/ssl/README'),
+        'arcanist/resources/ssl/README'),
 
       // Apparently there's no error constant for this? In cURL it's
       // CURLE_SSL_CACERT_BADFILE but there's no corresponding constant in
@@ -58,7 +58,7 @@ final class HTTPFutureCURLResponseStatus extends HTTPFutureResponseStatus {
         'local host has some sort of SSL misconfiguration which prevents it '.
         'from accepting the CA. If you are using a self-signed certificate, '.
         'see instructions in "%s".',
-        'libphutil/resources/ssl/README'),
+        'arcanist/resources/ssl/README'),
 
       CURLE_OPERATION_TIMEOUTED => pht(
         'The request took too long to complete.'),

src/future/http/status/HTTPFutureCertificateResponseStatus.php

@@ -27,7 +27,7 @@ final class HTTPFutureCertificateResponseStatus
       "line, or by visiting the site in Safari and choosing to trust the ".
       "certificate permanently.\n\n".
       'For more information, see instructions in "%s".',
-      'libphutil/resources/ssl/README');
+      'arcanist/resources/ssl/README');
   }
 
 }