Automated cacert.pem management for PHP projects
Updated minimum version of sodium_compat to version 1.11.0
Per #25: We've made it substantially easier to specify a different Chronicle URL and Public Key in case the one we operate ever goes down.
The table at https://github.com/paragonie/certainty/blob/master/docs/README.md#php-chronicle-replicas-for-certainty lists the replica instances of the PHP Chronicle (currently only one).
NEW: Trust Channels
To better support Enterprise users that want to manage their own internal certificate authorities, we've marked each bundle with its respective trust channel. Since our CA bundles come from Mozilla, the JSON file we provide is populated with "trust-channel": "Mozilla".
NEW: Composer Integration
You can now have Certainty request an up-to-date bundle at runtime by ensuring you add this entry to your composer.json file:
{
    "scripts": {
        "post-autoload-dump": [
            "ParagonIE\\Certainty\\Composer::postAutoloadDump"
        ]
    }
}
Then, you can simply use the local Fetch class instead of RemoteFetch in your application code. Every time you run composer update, it will fetch the latest bundles from Certainty.
This is a great way to reduce your runtime performance overhead while guaranteeing that you have the latest CACert bundle.
Note: You can create your own script that does the same thing. This is probably desirable if you'd like to put your configuration in a nonstandard location.
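A custom script of the kind the note describes, together with the application-side use of the local Fetch class, as an added example that is not Certainty's own code. The namespace MyApp\Build, the class name CertaintyBundles and the storage/certainty directory are hypothetical; it assumes Certainty v2, where RemoteFetch and Fetch take the data directory as their first constructor argument, and a vendor directory directly under the project root.

```php
<?php
declare(strict_types=1);

namespace MyApp\Build; // hypothetical namespace

use Composer\Script\Event;
use ParagonIE\Certainty\Fetch;
use ParagonIE\Certainty\RemoteFetch;

final class CertaintyBundles
{
    /** Hypothetical nonstandard bundle location, relative to the project root. */
    const DATA_DIR = 'storage/certainty';

    /** composer.json: "post-autoload-dump": ["MyApp\\Build\\CertaintyBundles::refresh"] */
    public static function refresh(Event $event): void
    {
        $vendorDir = (string) $event->getComposer()->getConfig()->get('vendor-dir');
        require_once $vendorDir . '/autoload.php';

        // Assumes vendor/ sits directly under the project root.
        $dataDir = \dirname($vendorDir) . '/' . self::DATA_DIR;
        if (!\is_dir($dataDir) && !\mkdir($dataDir, 0750, true)) {
            throw new \RuntimeException('Cannot create ' . $dataDir);
        }
        // The only network access happens here, at install/update time.
        $bundle = (new RemoteFetch($dataDir))->getLatestBundle();
        $event->getIO()->write('CA bundle ready: ' . $bundle->getFilePath());
    }

    /** Application code: use the newest bundle already on disk, no remote fetch. */
    public static function httpGet(string $url, string $projectRoot): string
    {
        $bundle = (new Fetch($projectRoot . '/' . self::DATA_DIR))->getLatestBundle();
        $ch = \curl_init($url);
        \curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_SSL_VERIFYPEER => true, // keep certificate verification on
            CURLOPT_SSL_VERIFYHOST => 2,    // and hostname verification
            CURLOPT_CAINFO         => $bundle->getFilePath(),
        ]);
        $body = \curl_exec($ch);
        $error = $body === false ? \curl_error($ch) : '';
        \curl_close($ch);
        if ($body === false) {
            throw new \RuntimeException('TLS request failed: ' . $error);
        }
        return $body;
    }
}
```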
UPDATED: Psalm v2 will now be used on PHP 7 projects. This ensures we'll have better visibility into type safety issues as Psalm adds more checks over time.
FIXED: #22 Prevent infinite loops when trying to fetch newer bundles by using the locally installed CACert.pem bundles. Fix provided by @credomane.
Fixes #18
Version 1.x is deprecated and we will not be providing noncommercial support. Please upgrade to v2 as soon as you can.
Fixed #16
ParagonIE_Sodium_Compat instead of ParagonIE_Sodium_File.
CURLOPT_SSLVERSION.