powercloudgmbh
diff --git a/‎ChangeLog
Lines changed: 2 additions & 0 deletions b/‎ChangeLog
Lines changed: 2 additions & 0 deletions
diff --git a/‎composer.json
Lines changed: 2 additions & 1 deletion b/‎composer.json
Lines changed: 2 additions & 1 deletion
diff --git a/‎libraries/certs/12d55845.0
Lines changed: 0 additions & 20 deletions b/‎libraries/certs/12d55845.0
Lines changed: 0 additions & 20 deletions
diff --git a/‎libraries/certs/2e5ac55d.0
Lines changed: 0 additions & 20 deletions b/‎libraries/certs/2e5ac55d.0
Lines changed: 0 additions & 20 deletions
diff --git a/‎libraries/certs/4042bcee.0
Lines changed: 0 additions & 31 deletions b/‎libraries/certs/4042bcee.0
Lines changed: 0 additions & 31 deletions
diff --git a/‎libraries/certs/6187b673.0
Lines changed: 0 additions & 31 deletions b/‎libraries/certs/6187b673.0
Lines changed: 0 additions & 31 deletions
diff --git a/‎libraries/certs/README.rst
Lines changed: 0 additions & 16 deletions b/‎libraries/certs/README.rst
Lines changed: 0 additions & 16 deletions
diff --git a/‎libraries/certs/cacert.pem
Lines changed: 0 additions & 51 deletions b/‎libraries/certs/cacert.pem
Lines changed: 0 additions & 51 deletions
diff --git a/‎libraries/classes/Utils/HttpRequest.php
Lines changed: 23 additions & 41 deletions b/‎libraries/classes/Utils/HttpRequest.php
Lines changed: 23 additions & 41 deletions
diff --git a/‎scripts/check-release-excludes.sh
Lines changed: 0 additions & 5 deletions b/‎scripts/check-release-excludes.sh
Lines changed: 0 additions & 5 deletions
@@ -21,6 +21,8 @@ phpMyAdmin - ChangeLog
 - issue #16425 Add "DELETE FROM" table on table operations page
 - issue #16482 Add a select all link for table-specific privileges
 - issue #14276 Add support for account locking
+- issue #17143 Use composer/ca-bundle to manage the CA cert file
+- issue #17143 Require the openssl PHP extension
 
 5.1.2 (not yet released)
 - issue        Replaced MySQL documentation redirected links
 
@@ -44,8 +44,10 @@
         "ext-iconv": "*",
         "ext-json": "*",
         "ext-mysqli": "*",
+        "ext-openssl": "*",
         "ext-pcre": "*",
         "ext-xml": "*",
+        "composer/ca-bundle": "^1.2",
         "google/recaptcha": "^1.1",
         "nikic/fast-route": "^1.3",
         "phpmyadmin/motranslator": "^5.0",
@@ -73,7 +75,6 @@
         "tecnickcom/tcpdf": "<6.2"
     },
     "suggest": {
-        "ext-openssl": "Cookie encryption",
         "ext-curl": "Updates checking",
         "ext-opcache": "Better performance",
         "ext-zlib": "For gz import and export",
 
@@ -4,6 +4,8 @@
 
 namespace PhpMyAdmin\Utils;
 
+use Composer\CaBundle\CaBundle;
+
 use function base64_encode;
 use function curl_exec;
 use function curl_getinfo;
@@ -15,14 +17,14 @@
 use function ini_get;
 use function intval;
 use function is_array;
+use function is_dir;
 use function parse_url;
 use function preg_match;
 use function stream_context_create;
 use function strlen;
 
 use const CURL_IPRESOLVE_V4;
 use const CURLINFO_HTTP_CODE;
-use const CURLINFO_SSL_VERIFYRESULT;
 use const CURLOPT_CAINFO;
 use const CURLOPT_CAPATH;
 use const CURLOPT_CONNECTTIMEOUT;
@@ -145,7 +147,6 @@ private function response(
      * @param bool   $returnOnlyStatus If set to true, the method would only return response status
      * @param mixed  $content          Content to be sent with HTTP request
      * @param string $header           Header to be set for the HTTP request
-     * @param int    $ssl              SSL mode to use
      *
      * @return string|bool|null
      */
@@ -154,8 +155,7 @@ private function curl(
         $method,
         $returnOnlyStatus = false,
         $content = null,
-        $header = '',
-        $ssl = 0
+        $header = ''
     ) {
         $curlHandle = curl_init($url);
         if ($curlHandle === false) {
@@ -188,21 +188,14 @@ private function curl(
             $curlStatus &= (int) curl_setopt($curlHandle, CURLOPT_POSTFIELDS, $content);
         }
 
-        $curlStatus &= (int) curl_setopt($curlHandle, CURLOPT_SSL_VERIFYHOST, '2');
-        $curlStatus &= (int) curl_setopt($curlHandle, CURLOPT_SSL_VERIFYPEER, '1');
-
-        /**
-         * Configure ISRG Root X1 to be able to verify Let's Encrypt SSL
-         * certificates even without properly configured curl in PHP.
-         *
-         * See https://letsencrypt.org/certificates/
-         */
-        $certsDir = ROOT_PATH . 'libraries/certs/';
-        /* See code below for logic */
-        if ($ssl == CURLOPT_CAPATH) {
-            $curlStatus &= (int) curl_setopt($curlHandle, CURLOPT_CAPATH, $certsDir);
-        } elseif ($ssl == CURLOPT_CAINFO) {
-            $curlStatus &= (int) curl_setopt($curlHandle, CURLOPT_CAINFO, $certsDir . 'cacert.pem');
+        $curlStatus &= (int) curl_setopt($curlHandle, CURLOPT_SSL_VERIFYHOST, 2);
+        $curlStatus &= (int) curl_setopt($curlHandle, CURLOPT_SSL_VERIFYPEER, true);
+
+        $caPathOrFile = CaBundle::getSystemCaRootBundlePath();
+        if (is_dir($caPathOrFile)) {
+            $curlStatus &= (int) curl_setopt($curlHandle, CURLOPT_CAPATH, $caPathOrFile);
+        } else {
+            $curlStatus &= (int) curl_setopt($curlHandle, CURLOPT_CAINFO, $caPathOrFile);
         }
 
         $curlStatus &= (int) curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, true);
@@ -217,28 +210,6 @@ private function curl(
 
         $response = @curl_exec($curlHandle);
         if ($response === false) {
-            /*
-             * In case of SSL verification failure let's try configuring curl
-             * certificate verification. Unfortunately it is tricky as setting
-             * options incompatible with PHP build settings can lead to failure.
-             *
-             * So let's rather try the options one by one.
-             *
-             * 1. Try using system SSL storage.
-             * 2. Try setting CURLOPT_CAINFO.
-             * 3. Try setting CURLOPT_CAPATH.
-             * 4. Fail.
-             */
-            if (curl_getinfo($curlHandle, CURLINFO_SSL_VERIFYRESULT) != 0) {
-                if ($ssl == 0) {
-                    return $this->curl($url, $method, $returnOnlyStatus, $content, $header, CURLOPT_CAINFO);
-                }
-
-                if ($ssl == CURLOPT_CAINFO) {
-                    return $this->curl($url, $method, $returnOnlyStatus, $content, $header, CURLOPT_CAPATH);
-                }
-            }
-
             return null;
         }
 
@@ -273,6 +244,10 @@ private function fopen(
                 'user_agent' => 'phpMyAdmin',
                 'header' => 'Accept: */*',
             ],
+            'ssl' => [
+                'verify_peer' => true,
+                'verify_peer_name' => true,
+            ],
         ];
         if ($header) {
             $context['http']['header'] .= "\n" . $header;
@@ -282,6 +257,13 @@ private function fopen(
             $context['http']['content'] = $content;
         }
 
+        $caPathOrFile = CaBundle::getSystemCaRootBundlePath();
+        if (is_dir($caPathOrFile)) {
+            $context['ssl']['capath'] = $caPathOrFile;
+        } else {
+            $context['ssl']['cafile'] = $caPathOrFile;
+        }
+
         $context = $this->handleContext($context);
         $response = @file_get_contents(
             $url,
 
@@ -100,11 +100,6 @@ validateExtension() {
                 foundFileExt
             fi
         ;;
-        libraries/certs/*)
-            if [ "${extension}" != "0" -a "${extension}" != "rst" -a "${extension}" != "pem" ]; then
-                foundFileExt
-            fi
-        ;;
         libraries/*)
             if [ \
                 "${extension}" != "php" -a "${extension}" != "md" \