From e6ea4a757452f93d49a80bf1f4fa76c88c3659ff Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 24 Mar 2014 17:16:01 -0700 Subject: ssl ciphers - be liberal in what we accept, conservative in what we generate --- include/network.php | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) (limited to 'include/network.php') diff --git a/include/network.php b/include/network.php index 7fc3d835e..0bf05c0f0 100644 --- a/include/network.php +++ b/include/network.php @@ -43,8 +43,14 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) { @curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); @curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Red)"); + $ciphers = @get_config('system','curl_ssl_ciphers'); + if(! $ciphers) + $ciphers = 'ALL:!eNULL'; + + @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $ciphers); + if (x($opts,'accept_content')){ - curl_setopt($ch,CURLOPT_HTTPHEADER, array ( + @curl_setopt($ch,CURLOPT_HTTPHEADER, array ( "Accept: " . $opts['accept_content'] )); } @@ -138,21 +144,27 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) { if(($redirects > 8) || (! $ch)) return ret; - curl_setopt($ch, CURLOPT_HEADER, true); + @curl_setopt($ch, CURLOPT_HEADER, true); @curl_setopt($ch, CURLOPT_CAINFO, get_capath()); - curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); - curl_setopt($ch, CURLOPT_POST,1); - curl_setopt($ch, CURLOPT_POSTFIELDS,$params); - curl_setopt($ch, CURLOPT_USERAGENT, "Red"); + @curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); + @curl_setopt($ch, CURLOPT_POST,1); + @curl_setopt($ch, CURLOPT_POSTFIELDS,$params); + @curl_setopt($ch, CURLOPT_USERAGENT, "Red"); + + $ciphers = @get_config('system','curl_ssl_ciphers'); + if(! $ciphers) + $ciphers = 'ALL:!eNULL'; + + @curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, Z_CURL_CIPHERS); if (x($opts,'accept_content')){ - curl_setopt($ch,CURLOPT_HTTPHEADER, array ( + @curl_setopt($ch,CURLOPT_HTTPHEADER, array ( "Accept: " . $opts['accept_content'] )); } if(x($opts,'headers')) - curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']); + @curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']); if(x($opts,'timeout') && intval($opts['timeout'])) { @curl_setopt($ch, CURLOPT_TIMEOUT, $opts['timeout']); @@ -172,11 +184,11 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) { $prx = get_config('system','proxy'); if(strlen($prx)) { - curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); - curl_setopt($ch, CURLOPT_PROXY, $prx); + @curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); + @curl_setopt($ch, CURLOPT_PROXY, $prx); $prxusr = get_config('system','proxyuser'); if(strlen($prxusr)) - curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); + @curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); } // don't let curl abort the entire application @@ -185,7 +197,7 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) { $s = @curl_exec($ch); $base = $s; - $curl_info = curl_getinfo($ch); + $curl_info = @curl_getinfo($ch); $http_code = $curl_info['http_code']; $header = ''; -- cgit v1.2.3