author | Renato Botelho <garga@FreeBSD.org> | 2015-05-07 15:22:05 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2015-05-07 15:22:05 -0300 |
commit | 5f3a0fc3066ce77562a59794bd67e114211b03d0 (patch) | |
tree | 125f60868a895c8533ddfcaa4599c30bf168ff3b /etc/inc/pkg-utils.inc | |
parent | fa0a84cd77d39d1c396075619410825861606eb2 (diff) | |
Drop verify_all_package_servers() verify_package_server() check_package_server_ssl() package_server_ssl_failure_message() and package_server_mismatch_message()
Diffstat (limited to 'etc/inc/pkg-utils.inc')
-rw-r--r-- | etc/inc/pkg-utils.inc | 77 |
1 files changed, 0 insertions, 77 deletions
diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc
index 6b688aa..6b7364b 100644
--- a/etc/inc/pkg-utils.inc
+++ b/etc/inc/pkg-utils.inc
@@ -772,81 +772,4 @@ function stop_packages() {
 }
 }
 
-function verify_all_package_servers() {
- return verify_package_server(get_active_xml_rpc_base_url());
-}
-
-/* Check if the active package server is a valid default or if it has been
- altered. */
-function verify_package_server($server) {
- /* Define the expected default package server domains. Include
- preceding "." to prevent matching from being too liberal. */
- $default_package_domains = array('.pfsense.org', '.pfsense.com', '.netgate.com');
-
- /* For this test we only need to check the hostname. */
- $xmlrpcbase = parse_url($server, PHP_URL_HOST);
-
- foreach ($default_package_domains as $dom) {
- if (substr($xmlrpcbase, -(strlen($dom))) == $dom) {
- return true;
- }
- }
- return false;
-}
-
-/* Test the package server certificate to ensure that it validates properly */
-function check_package_server_ssl() {
- global $g;
- $xmlrpcurl = get_active_xml_rpc_base_url() . $g['xmlrpcpath'];
-
- /* If the package server is using HTTP, we can't verify SSL */
- if (substr($xmlrpcurl, 0, 5) == "http:") {
- return "http";
- }
-
- /* Setup a basic cURL connection. We do not care about the content of
- the result, only the SSL verification. */
- $ch = curl_init($xmlrpcurl);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '30');
- curl_setopt($ch, CURLOPT_TIMEOUT, 60);
- curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version")));
- $result_page = curl_exec($ch);
- $verifyfail = curl_getinfo($ch, CURLINFO_SSL_VERIFYRESULT);
- curl_close($ch);
-
- /* The result from curl is 1 on failure, 0 on success. */
- if ($verifyfail == 0) {
- return true;
- } else {
- return false;
- }
-}
-
-/* Keep this message centrally since it will be used several times on pages
- in the GUI. */
-function package_server_ssl_failure_message() {
- $msg = "The package server's SSL certificate could not be verified. "
- . "The SSL certificate itself may be invalid, its chain of trust may "
- . "have failed validation, or the server may have been impersonated. "
- . "Downloaded packages may come from an untrusted source. "
- . "Proceed with caution.";
-
- return sprintf(gettext($msg), htmlspecialchars(get_active_xml_rpc_base_url()));
-}
-
-/* Keep this message centrally since it will be used several times on pages
- in the GUI. */
-function package_server_mismatch_message() {
- $msg = "The package server currently configured on "
- . "this firewall (%s) is NOT an official package server. The contents "
- . "of such servers cannot be verified and may contain malicious files. "
- . "Return the package server settings to their default values to "
- . "ensure that verifiable and trusted packages are received.";
-
- return sprintf(gettext($msg), htmlspecialchars(get_active_xml_rpc_base_url())) . '<br/><br/>'
- . '<a href="/pkg_mgr_settings.php">' . gettext("Package Manager Settings") . '</a>';
-}
-
 ?>
|