matthew/The-Powder-Toy
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prevent protocol downgrade attacks

Browse Source
This commit is contained in:
Tamás Bálint Misius 2019-08-02 01:31:02 +02:00
parent 89ef7ce216
commit 7158a00f44
No known key found for this signature in database
GPG Key ID: 5B472A12F6ECA9F2
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Config.h
View File

@ -89,6 +89,7 @@
#define SERVER "powdertoy.co.uk" #define SERVER "powdertoy.co.uk"
#define STATICSCHEME "https://" #define STATICSCHEME "https://"
#define STATICSERVER "static.powdertoy.co.uk" #define STATICSERVER "static.powdertoy.co.uk"
#define ENFORCE_HTTPS
#define LOCAL_SAVE_DIR "Saves" #define LOCAL_SAVE_DIR "Saves"

8
src/client/http/Request.cpp
View File

@ -157,6 +157,14 @@ namespace http
#endif #endif
curl_easy_setopt(easy, CURLOPT_FOLLOWLOCATION, 1L); curl_easy_setopt(easy, CURLOPT_FOLLOWLOCATION, 1L);
#ifdef ENFORCE_HTTPS
curl_easy_setopt(easy, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
curl_easy_setopt(easy, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS);
#else
curl_easy_setopt(easy, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS | CURLPROTO_HTTP);
curl_easy_setopt(easy, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS | CURLPROTO_HTTP);
#endif
curl_easy_setopt(easy, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
curl_easy_setopt(easy, CURLOPT_MAXREDIRS, 10L); curl_easy_setopt(easy, CURLOPT_MAXREDIRS, 10L);
curl_easy_setopt(easy, CURLOPT_ERRORBUFFER, error_buffer); curl_easy_setopt(easy, CURLOPT_ERRORBUFFER, error_buffer);