make cli work without valid ssl cert, add cert check to checker

Author: hinanaya

cli/ob.php

@@ -38,7 +38,8 @@ public function run()
         require_once(__DIR__ . '/../core/init.php');
 
         // Confirm that process is running as same user that web process uses, otherwise all sorts of permission
-        // problems may happen and checks cannot be guaranteed to make sense.
+        // problems may happen and checks cannot be guaranteed to make sense. Note that this purposely ignores
+        // self-signed or invalid SSL certificates.
         $token = bin2hex(random_bytes(32));
         $tmpFile = "/tmp/ob_cli_{$token}";
         touch($tmpFile);
@@ -49,6 +50,8 @@ public function run()
             CURLOPT_RETURNTRANSFER => true,
             CURLOPT_NOBODY => true,
             CURLOPT_TIMEOUT => 5,
+            CURLOPT_SSL_VERIFYPEER => false,
+            CURLOPT_SSL_VERIFYHOST => false,
         ]);
         curl_exec($ch);
         $statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

public/updates/checker.php

@@ -411,4 +411,24 @@ public function database_version()
 
         return ['Database Version', 'Database version found: ' . $dbver['value'] . '.',0];
     }
+
+    public function certificate_valid()
+    {
+        $ch = curl_init(OB_SITE);
+        curl_setopt_array($ch, [
+            CURLOPT_RETURNTRANSFER => true,
+            CURLOPT_SSL_VERIFYPEER => true,
+            CURLOPT_NOBODY => true,
+        ]);
+        if (curl_exec($ch) === false) {
+            $errorCode = curl_errno($ch);
+            $errorMessage = curl_error($ch);
+
+            if ($errorCode === CURLE_SSL_CACERT || $errorCode === CURLE_SSL_PEER_CERTIFICATE) {
+                return ['SSL Certificate', $errorMessage, 1];
+            }
+        }
+
+        return ['SSL Certificate', 'SSL certificate valid.', 0];
+    }
 }