diff options
author | friendica <info@friendica.com> | 2014-03-24 17:16:01 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-03-24 17:16:01 -0700 |
commit | e6ea4a757452f93d49a80bf1f4fa76c88c3659ff (patch) | |
tree | b23092f34f45940d9777ab37823a8a46fe2f3661 /include | |
parent | 592f5591d9751b3ed6194ba018ff56897bc4e7e5 (diff) | |
download | volse-hubzilla-e6ea4a757452f93d49a80bf1f4fa76c88c3659ff.tar.gz volse-hubzilla-e6ea4a757452f93d49a80bf1f4fa76c88c3659ff.tar.bz2 volse-hubzilla-e6ea4a757452f93d49a80bf1f4fa76c88c3659ff.zip |
ssl ciphers - be liberal in what we accept, conservative in what we generate
Diffstat (limited to 'include')
-rw-r--r-- | include/network.php | 36 |
1 files changed, 24 insertions, 12 deletions
diff --git a/include/network.php b/include/network.php index 7fc3d835e..0bf05c0f0 100644 --- a/include/network.php +++ b/include/network.php @@ -43,8 +43,14 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) { @curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); @curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Red)"); + $ciphers = @get_config('system','curl_ssl_ciphers'); + if(! $ciphers) + $ciphers = 'ALL:!eNULL'; + + @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $ciphers); + if (x($opts,'accept_content')){ - curl_setopt($ch,CURLOPT_HTTPHEADER, array ( + @curl_setopt($ch,CURLOPT_HTTPHEADER, array ( "Accept: " . $opts['accept_content'] )); } @@ -138,21 +144,27 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) { if(($redirects > 8) || (! $ch)) return ret; - curl_setopt($ch, CURLOPT_HEADER, true); + @curl_setopt($ch, CURLOPT_HEADER, true); @curl_setopt($ch, CURLOPT_CAINFO, get_capath()); - curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); - curl_setopt($ch, CURLOPT_POST,1); - curl_setopt($ch, CURLOPT_POSTFIELDS,$params); - curl_setopt($ch, CURLOPT_USERAGENT, "Red"); + @curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); + @curl_setopt($ch, CURLOPT_POST,1); + @curl_setopt($ch, CURLOPT_POSTFIELDS,$params); + @curl_setopt($ch, CURLOPT_USERAGENT, "Red"); + + $ciphers = @get_config('system','curl_ssl_ciphers'); + if(! $ciphers) + $ciphers = 'ALL:!eNULL'; + + @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, Z_CURL_CIPHERS); if (x($opts,'accept_content')){ - curl_setopt($ch,CURLOPT_HTTPHEADER, array ( + @curl_setopt($ch,CURLOPT_HTTPHEADER, array ( "Accept: " . $opts['accept_content'] )); } if(x($opts,'headers')) - curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']); + @curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']); if(x($opts,'timeout') && intval($opts['timeout'])) { @curl_setopt($ch, CURLOPT_TIMEOUT, $opts['timeout']); @@ -172,11 +184,11 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) { $prx = get_config('system','proxy'); if(strlen($prx)) { - curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); - curl_setopt($ch, CURLOPT_PROXY, $prx); + @curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); + @curl_setopt($ch, CURLOPT_PROXY, $prx); $prxusr = get_config('system','proxyuser'); if(strlen($prxusr)) - curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); + @curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); } // don't let curl abort the entire application @@ -185,7 +197,7 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) { $s = @curl_exec($ch); $base = $s; - $curl_info = curl_getinfo($ch); + $curl_info = @curl_getinfo($ch); $http_code = $curl_info['http_code']; $header = ''; |