This should be a slight improvement in setting ciphers - we'll punt on RedHat but open up the list just for openssl distros which seem to have all the problems at the moment.
This commit is contained in:
friendica
parent
f14596b1eb
commit
7375e30506
2
boot.php
2
boot.php
@ -47,7 +47,7 @@ define ( 'RED_PLATFORM', 'Red Matrix' );
|
||||
define ( 'RED_VERSION', trim(file_get_contents('version.inc')) . 'R');
|
||||
define ( 'ZOT_REVISION', 1 );
|
||||
|
||||
define ( 'DB_UPDATE_VERSION', 1103 );
|
||||
define ( 'DB_UPDATE_VERSION', 1104 );
|
||||
|
||||
define ( 'EOL', '<br />' . "\r\n" );
|
||||
define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' );
|
||||
|
||||
@ -44,9 +44,7 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) {
|
||||
@curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Red)");
|
||||
|
||||
$ciphers = @get_config('system','curl_ssl_ciphers');
|
||||
if(! $ciphers)
|
||||
$ciphers = 'ALL:!eNULL';
|
||||
|
||||
if($ciphers)
|
||||
@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $ciphers);
|
||||
|
||||
if (x($opts,'accept_content')){
|
||||
@ -152,9 +150,7 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) {
|
||||
@curl_setopt($ch, CURLOPT_USERAGENT, "Red");
|
||||
|
||||
$ciphers = @get_config('system','curl_ssl_ciphers');
|
||||
if(! $ciphers)
|
||||
$ciphers = 'ALL:!eNULL';
|
||||
|
||||
if($ciphers)
|
||||
@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $ciphers);
|
||||
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?php
|
||||
|
||||
define( 'UPDATE_VERSION' , 1103 );
|
||||
define( 'UPDATE_VERSION' , 1104 );
|
||||
|
||||
/**
|
||||
*
|
||||
@ -1159,3 +1159,10 @@ function update_r1102() {
|
||||
);
|
||||
return UPDATE_SUCCESS;
|
||||
}
|
||||
|
||||
function update_r1103() {
|
||||
$x = curl_version();
|
||||
if(stristr($x['ssl_version'],'openssl'))
|
||||
set_config('system','curl_ssl_ciphers','ALL:!eNULL');
|
||||
return UPDATE_SUCCESS;
|
||||
}
|
||||
|
||||
@ -605,9 +605,28 @@ function what_next() {
|
||||
$a = get_app();
|
||||
// install the standard theme
|
||||
set_config('system','allowed_themes','redbasic');
|
||||
|
||||
// Set a lenient list of ciphers if using openssl. Other ssl engines
|
||||
// (e.g. NSS used in RedHat) require different syntax, so hopefully
|
||||
// the default curl cipher list will work for most sites. If not,
|
||||
// this can set via config. Many distros are now disabling RC4,
|
||||
// but many Red sites still use it and are unable to change it.
|
||||
// We do not use SSL for encryption, only to protect session cookies.
|
||||
// z_fetch_url() is also used to import shared links and other content
|
||||
// so in theory most any cipher could show up and we should do our best
|
||||
// to make the content available rather than tell folks that there's a
|
||||
// weird SSL error which they can't do anything about.
|
||||
|
||||
$x = curl_version();
|
||||
if(stristr($x['ssl_version'],'openssl'))
|
||||
set_config('system','curl_ssl_ciphers','ALL:!eNULL');
|
||||
|
||||
|
||||
// Create a system channel
|
||||
require_once ('include/identity.php');
|
||||
create_sys_channel();
|
||||
|
||||
|
||||
$baseurl = $a->get_baseurl();
|
||||
return
|
||||
t('<h1>What next</h1>')
|
||||
|
||||
@ -85,13 +85,6 @@ $a->config['system']['php_path'] = '{{$phpath}}';
|
||||
|
||||
$a->config['system']['directory_mode'] = DIRECTORY_MODE_NORMAL;
|
||||
|
||||
|
||||
// libcurl default ciphers - Redhat and NSS based systems may use a different
|
||||
// syntax. This indicates the ciphers we will accept when connecting to any
|
||||
// https site. We want this to be as liberal as possible.
|
||||
|
||||
$a->config['system']['curl_ssl_ciphers'] = 'ALL:!eNULL';
|
||||
|
||||
// default system theme
|
||||
|
||||
$a->config['system']['theme'] = 'redbasic';
|
||||
|
||||
Reference in New Issue
Block a user