aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xboot.php2
-rw-r--r--include/network.php12
-rw-r--r--install/update.php11
-rwxr-xr-xmod/setup.php19
-rw-r--r--view/en/htconfig.tpl7
5 files changed, 33 insertions, 18 deletions
diff --git a/boot.php b/boot.php
index a5a48b2bf..4c024309b 100755
--- a/boot.php
+++ b/boot.php
@@ -47,7 +47,7 @@ define ( 'RED_PLATFORM', 'Red Matrix' );
define ( 'RED_VERSION', trim(file_get_contents('version.inc')) . 'R');
define ( 'ZOT_REVISION', 1 );
-define ( 'DB_UPDATE_VERSION', 1103 );
+define ( 'DB_UPDATE_VERSION', 1104 );
define ( 'EOL', '<br />' . "\r\n" );
define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' );
diff --git a/include/network.php b/include/network.php
index 14771d88f..9f68328b7 100644
--- a/include/network.php
+++ b/include/network.php
@@ -44,10 +44,8 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) {
@curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Red)");
$ciphers = @get_config('system','curl_ssl_ciphers');
- if(! $ciphers)
- $ciphers = 'ALL:!eNULL';
-
- @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $ciphers);
+ if($ciphers)
+ @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $ciphers);
if (x($opts,'accept_content')){
@curl_setopt($ch,CURLOPT_HTTPHEADER, array (
@@ -152,10 +150,8 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) {
@curl_setopt($ch, CURLOPT_USERAGENT, "Red");
$ciphers = @get_config('system','curl_ssl_ciphers');
- if(! $ciphers)
- $ciphers = 'ALL:!eNULL';
-
- @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $ciphers);
+ if($ciphers)
+ @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $ciphers);
if (x($opts,'accept_content')){
diff --git a/install/update.php b/install/update.php
index 11b1c1da6..06a60db79 100644
--- a/install/update.php
+++ b/install/update.php
@@ -1,6 +1,6 @@
<?php
-define( 'UPDATE_VERSION' , 1103 );
+define( 'UPDATE_VERSION' , 1104 );
/**
*
@@ -1158,4 +1158,11 @@ function update_r1102() {
intval(ABOOK_FLAG_UNCONNECTED)
);
return UPDATE_SUCCESS;
-} \ No newline at end of file
+}
+
+function update_r1103() {
+ $x = curl_version();
+ if(stristr($x['ssl_version'],'openssl'))
+ set_config('system','curl_ssl_ciphers','ALL:!eNULL');
+ return UPDATE_SUCCESS;
+}
diff --git a/mod/setup.php b/mod/setup.php
index 83317dc4c..02c2268ce 100755
--- a/mod/setup.php
+++ b/mod/setup.php
@@ -605,9 +605,28 @@ function what_next() {
$a = get_app();
// install the standard theme
set_config('system','allowed_themes','redbasic');
+
+ // Set a lenient list of ciphers if using openssl. Other ssl engines
+ // (e.g. NSS used in RedHat) require different syntax, so hopefully
+ // the default curl cipher list will work for most sites. If not,
+ // this can set via config. Many distros are now disabling RC4,
+ // but many Red sites still use it and are unable to change it.
+ // We do not use SSL for encryption, only to protect session cookies.
+ // z_fetch_url() is also used to import shared links and other content
+ // so in theory most any cipher could show up and we should do our best
+ // to make the content available rather than tell folks that there's a
+ // weird SSL error which they can't do anything about.
+
+ $x = curl_version();
+ if(stristr($x['ssl_version'],'openssl'))
+ set_config('system','curl_ssl_ciphers','ALL:!eNULL');
+
+
// Create a system channel
require_once ('include/identity.php');
create_sys_channel();
+
+
$baseurl = $a->get_baseurl();
return
t('<h1>What next</h1>')
diff --git a/view/en/htconfig.tpl b/view/en/htconfig.tpl
index 8e2d32433..840e7a124 100644
--- a/view/en/htconfig.tpl
+++ b/view/en/htconfig.tpl
@@ -85,13 +85,6 @@ $a->config['system']['php_path'] = '{{$phpath}}';
$a->config['system']['directory_mode'] = DIRECTORY_MODE_NORMAL;
-
-// libcurl default ciphers - Redhat and NSS based systems may use a different
-// syntax. This indicates the ciphers we will accept when connecting to any
-// https site. We want this to be as liberal as possible.
-
-$a->config['system']['curl_ssl_ciphers'] = 'ALL:!eNULL';
-
// default system theme
$a->config['system']['theme'] = 'redbasic';