From 7039bd10d12d81879d7a1c03d4e4cd5fa3aab938 Mon Sep 17 00:00:00 2001 From: jim-p Date: Thu, 3 Dec 2015 17:22:43 -0500 Subject: More ACB SSL_VERIFYPEER fixes. Fixes #5560 --- config/autoconfigbackup/autoconfigbackup.inc | 8 +++-- config/autoconfigbackup/autoconfigbackup.php | 35 ++++++++++++++++++---- config/autoconfigbackup/autoconfigbackup.xml | 2 +- config/autoconfigbackup/autoconfigbackup_stats.php | 7 ++++- 4 files changed, 43 insertions(+), 9 deletions(-) (limited to 'config') diff --git a/config/autoconfigbackup/autoconfigbackup.inc b/config/autoconfigbackup/autoconfigbackup.inc index 704fd165..f7baf74b 100644 --- a/config/autoconfigbackup/autoconfigbackup.inc +++ b/config/autoconfigbackup/autoconfigbackup.inc @@ -145,7 +145,6 @@ function test_connection($post) { } else { curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 1); } - curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_POST, 1); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_session, CURLOPT_CONNECTTIMEOUT, 55); @@ -260,7 +259,12 @@ function upload_config($reasonm = "") { curl_setopt($curl_session, CURLOPT_POST, count($post_fields)); curl_setopt($curl_session, CURLOPT_POSTFIELDS, $fields_string); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); - curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); + if ($pf_version < 2.2) { + // pre-2.2 doesn't have ca-root-nss + curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); + } else { + curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 1); + } curl_setopt($curl_session, CURLOPT_CONNECTTIMEOUT, 55); curl_setopt($curl_session, CURLOPT_TIMEOUT, 30); curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); diff --git a/config/autoconfigbackup/autoconfigbackup.php b/config/autoconfigbackup/autoconfigbackup.php index 9a7d67a1..f29a73c5 100644 --- a/config/autoconfigbackup/autoconfigbackup.php +++ b/config/autoconfigbackup/autoconfigbackup.php @@ -94,7 +94,12 @@ function get_hostnames() { $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $stats_url); curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); - curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); + if ($pf_version < 2.2) { + // pre-2.2 doesn't have ca-root-nss + curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); + } else { + curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 1); + } curl_setopt($curl_session, CURLOPT_POST, 1); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_session, CURLOPT_POSTFIELDS, "action=showstats"); @@ -180,7 +185,12 @@ function get_hostnames() { curl_setopt($curl_session, CURLOPT_URL, $del_url); curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_POST, 3); - curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); + if ($pf_version < 2.2) { + // pre-2.2 doesn't have ca-root-nss + curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); + } else { + curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 1); + } curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_session, CURLOPT_POSTFIELDS, "action=delete" . "&hostname=" . urlencode($hostname) . "&revision=" . urlencode($_REQUEST['rmver'])); curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); @@ -209,7 +219,12 @@ function get_hostnames() { curl_setopt($curl_session, CURLOPT_URL, $get_url); curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_POST, 3); - curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); + if ($pf_version < 2.2) { + // pre-2.2 doesn't have ca-root-nss + curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); + } else { + curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 1); + } curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_session, CURLOPT_POSTFIELDS, "action=restore" . "&hostname=" . urlencode($hostname) . "&revision=" . urlencode($_REQUEST['newver'])); curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); @@ -279,7 +294,12 @@ EOF; curl_setopt($curl_session, CURLOPT_URL, $get_url); curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_POST, 3); - curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); + if ($pf_version < 2.2) { + // pre-2.2 doesn't have ca-root-nss + curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); + } else { + curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 1); + } curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_session, CURLOPT_POSTFIELDS, "action=restore" . "&hostname=" . urlencode($hostname) . "&revision=" . urlencode($_REQUEST['download'])); curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); @@ -335,7 +355,12 @@ EOF; $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $get_url); curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); - curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); + if ($pf_version < 2.2) { + // pre-2.2 doesn't have ca-root-nss + curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); + } else { + curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 1); + } curl_setopt($curl_session, CURLOPT_POST, 1); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_session, CURLOPT_POSTFIELDS, "action=showbackups&hostname={$hostname}"); diff --git a/config/autoconfigbackup/autoconfigbackup.xml b/config/autoconfigbackup/autoconfigbackup.xml index f2fd8785..107a9722 100644 --- a/config/autoconfigbackup/autoconfigbackup.xml +++ b/config/autoconfigbackup/autoconfigbackup.xml @@ -43,7 +43,7 @@ Automatically backs up your pfSense configuration. All contents are encrypted before being sent to the server. Requires Gold Subscription from https://portal.pfsense.org pfSense Portal subscription AutoConfigBackup - 1.32 + 1.34 Diagnostics: Auto Configuration Backup Change /usr/local/pkg/autoconfigbackup.inc diff --git a/config/autoconfigbackup/autoconfigbackup_stats.php b/config/autoconfigbackup/autoconfigbackup_stats.php index 73dd54e2..eeb36641 100644 --- a/config/autoconfigbackup/autoconfigbackup_stats.php +++ b/config/autoconfigbackup/autoconfigbackup_stats.php @@ -71,7 +71,12 @@ if ($_REQUEST['delhostname']) { curl_setopt($curl_session, CURLOPT_URL, $del_url); curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_POST, 2); - curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); + if ($pf_version < 2.2) { + // pre-2.2 doesn't have ca-root-nss + curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); + } else { + curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 1); + } curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_session, CURLOPT_POSTFIELDS, "action=deletehostname&delhostname=" . urlencode($_REQUEST['delhostname'])); curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); -- cgit v1.2.3