authorfriendica <info@friendica.com>2014-03-24 17:16:01 -0700
committerfriendica <info@friendica.com>2014-03-24 17:16:01 -0700
commite6ea4a757452f93d49a80bf1f4fa76c88c3659ff (patch)
treeb23092f34f45940d9777ab37823a8a46fe2f3661 /include
parent592f5591d9751b3ed6194ba018ff56897bc4e7e5 (diff)
ssl ciphers - be liberal in what we accept, conservative in what we generate
Diffstat (limited to 'include')
-rw-r--r--include/network.php36
1 files changed, 24 insertions, 12 deletions
diff --git a/include/network.php b/include/network.php
index 7fc3d835e..0bf05c0f0 100644
--- a/include/network.php
+++ b/include/network.php
@@ -43,8 +43,14 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) {
@curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
@curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Red)");
+ $ciphers = @get_config('system','curl_ssl_ciphers');
+ if(! $ciphers)
+ $ciphers = 'ALL:!eNULL';
+
+ @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $ciphers);
+
if (x($opts,'accept_content')){
- curl_setopt($ch,CURLOPT_HTTPHEADER, array (
+ @curl_setopt($ch,CURLOPT_HTTPHEADER, array (
"Accept: " . $opts['accept_content']
));
}
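Review bot: The fallback `'ALL:!eNULL'` assigned to `$ciphers` is broader than a client default should be. With an OpenSSL-backed libcurl the `ALL` keyword already leaves out eNULL, but it still admits anonymous (aNULL), export-grade and low-strength suites. An anonymous suite carries no server certificate, so if one were negotiated the peer would not be authenticated and the CA bundle set through `CURLOPT_CAINFO` would not be consulted for that connection. Keeping the liberal intent while dropping those classes would look like `$ciphers = 'ALL:!eNULL:!aNULL:!EXPORT:!LOW';`, with a comment noting that the string uses OpenSSL syntax and that other TLS backends name ciphers differently. The body of z_fetch_url continues outside this hunk.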
@@ -138,21 +144,27 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) {
if(($redirects > 8) || (! $ch))
return ret;
- curl_setopt($ch, CURLOPT_HEADER, true);
+ @curl_setopt($ch, CURLOPT_HEADER, true);
@curl_setopt($ch, CURLOPT_CAINFO, get_capath());
- curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
- curl_setopt($ch, CURLOPT_POST,1);
- curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
- curl_setopt($ch, CURLOPT_USERAGENT, "Red");
+ @curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
+ @curl_setopt($ch, CURLOPT_POST,1);
+ @curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
+ @curl_setopt($ch, CURLOPT_USERAGENT, "Red");
+
+ $ciphers = @get_config('system','curl_ssl_ciphers');
+ if(! $ciphers)
+ $ciphers = 'ALL:!eNULL';
+
+ @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, Z_CURL_CIPHERS);
if (x($opts,'accept_content')){
- curl_setopt($ch,CURLOPT_HTTPHEADER, array (
+ @curl_setopt($ch,CURLOPT_HTTPHEADER, array (
"Accept: " . $opts['accept_content']
));
}
if(x($opts,'headers'))
- curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']);
+ @curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']);
if(x($opts,'timeout') && intval($opts['timeout'])) {
@curl_setopt($ch, CURLOPT_TIMEOUT, $opts['timeout']);
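Review bot: The new `CURLOPT_SSL_CIPHER_LIST` call in z_post_url passes `Z_CURL_CIPHERS` instead of the `$ciphers` value computed just above it, so the `curl_ssl_ciphers` setting is read and then discarded. No definition of `Z_CURL_CIPHERS` is visible in this diff. If it is undefined, PHP of this era would pass the literal string 'Z_CURL_CIPHERS' as the cipher list, and the `@` would hide the notice; TLS POSTs would then presumably fail at handshake for lack of a usable cipher. The line should match z_fetch_url: `@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $ciphers);`. Separately, the context line `return ret;` returns a bare constant rather than a variable, which looks like a missing `$`; the function starts and ends outside this hunk, so that could not be confirmed here.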
@@ -172,11 +184,11 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) {
$prx = get_config('system','proxy');
if(strlen($prx)) {
- curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
- curl_setopt($ch, CURLOPT_PROXY, $prx);
+ @curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
+ @curl_setopt($ch, CURLOPT_PROXY, $prx);
$prxusr = get_config('system','proxyuser');
if(strlen($prxusr))
- curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr);
+ @curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr);
}
// don't let curl abort the entire application
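Review bot: Prefixing the proxy `curl_setopt` calls with `@` silences the warning but still ignores the return value, so a proxy that cannot be applied goes unnoticed. The request would then presumably go out directly instead of through the configured proxy. The same applies to the TLS options `CURLOPT_CAINFO` and `CURLOPT_SSL_CIPHER_LIST` in the earlier z_post_url hunk, and the `@curl_getinfo` hunk follows the same pattern. For the options that affect where and how securely the request is sent, checking the result is safer than suppressing it, e.g. `if(! curl_setopt($ch, CURLOPT_PROXY, $prx)) return $ret;`. This assumes `$ret` is the function's result array, which is not visible in the hunk.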
@@ -185,7 +197,7 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) {
$s = @curl_exec($ch);
$base = $s;
- $curl_info = curl_getinfo($ch);
+ $curl_info = @curl_getinfo($ch);
$http_code = $curl_info['http_code'];
$header = '';