harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ssl ciphers - be liberal in what we accept, conservative in what we generate

Browse Source
This commit is contained in:
friendica
2014-03-24 17:16:01 -07:00
parent 592f5591d9
commit e6ea4a7574
7 changed files with 42 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
include/network.php
View File

@@ -43,8 +43,14 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) {
@curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
@curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Red)");
$ciphers = @get_config('system','curl_ssl_ciphers');
if(! $ciphers)
$ciphers = 'ALL:!eNULL';
@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $ciphers);
if (x($opts,'accept_content')){
curl_setopt($ch,CURLOPT_HTTPHEADER, array (
@curl_setopt($ch,CURLOPT_HTTPHEADER, array (
"Accept: " . $opts['accept_content']
));
}
@@ -138,21 +144,27 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) {
if(($redirects > 8) || (! $ch))
return ret;
curl_setopt($ch, CURLOPT_HEADER, true);
@curl_setopt($ch, CURLOPT_HEADER, true);
@curl_setopt($ch, CURLOPT_CAINFO, get_capath());
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
curl_setopt($ch, CURLOPT_USERAGENT, "Red");
@curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
@curl_setopt($ch, CURLOPT_POST,1);
@curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
@curl_setopt($ch, CURLOPT_USERAGENT, "Red");
$ciphers = @get_config('system','curl_ssl_ciphers');
if(! $ciphers)
$ciphers = 'ALL:!eNULL';
@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, Z_CURL_CIPHERS);
if (x($opts,'accept_content')){
curl_setopt($ch,CURLOPT_HTTPHEADER, array (
@curl_setopt($ch,CURLOPT_HTTPHEADER, array (
"Accept: " . $opts['accept_content']
));
}
if(x($opts,'headers'))
curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']);
@curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']);
if(x($opts,'timeout') && intval($opts['timeout'])) {
@curl_setopt($ch, CURLOPT_TIMEOUT, $opts['timeout']);
@@ -172,11 +184,11 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) {
$prx = get_config('system','proxy');
if(strlen($prx)) {
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
curl_setopt($ch, CURLOPT_PROXY, $prx);
@curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
@curl_setopt($ch, CURLOPT_PROXY, $prx);
$prxusr = get_config('system','proxyuser');
if(strlen($prxusr))
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr);
@curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr);
}
// don't let curl abort the entire application
@@ -185,7 +197,7 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) {
$s = @curl_exec($ch);
$base = $s;
$curl_info = curl_getinfo($ch);
$curl_info = @curl_getinfo($ch);
$http_code = $curl_info['http_code'];
$header = '';