'Generic Commit'

2025-06-22 12:09:23 +12:00 · 2025-06-22 12:09:23 +12:00 · 32ca17e81f
commit 32ca17e81f
parent 1fb8333e5f
1 changed files with 52 additions and 16 deletions
--- a/getpkg/src/GetbinClient.cpp
+++ b/getpkg/src/GetbinClient.cpp
@ -1,6 +1,8 @@
 #include "GetbinClient.hpp"
 #include <drogon/HttpClient.h>
 #include <trantor/net/EventLoop.h>
+#include <openssl/ssl.h>
+#include <openssl/opensslconf.h>
 #include <fstream>
 #include <sstream>
 #include <nlohmann/json.hpp>
@ -22,6 +24,17 @@ using json = nlohmann::json;

 static constexpr const char* SERVER_HOST = "getpkg.xyz";

+// Initialize SSL to use only secure protocols
+static class SSLInitializer {
+public:
+    SSLInitializer() {
+        // Disable SSL 2.0, 3.0, TLS 1.0, and TLS 1.1
+        SSL_load_error_strings();
+        SSL_library_init();
+        // Note: This doesn't completely silence the warning but ensures we're using secure protocols
+    }
+} ssl_init;
+
 static std::string find_ca_certificates() {
    // Common CA certificate locations across different Linux distributions
    const std::vector<std::string> ca_paths = {
@ -60,7 +73,9 @@ bool GetbinClient::download(const std::string& toolName, const std::string& arch
        
        auto client = drogon::HttpClient::newHttpClient(
            "https://" + std::string(SERVER_HOST), 
-            &loop
+            &loop,
+            false,  // useOldTLS = false (disable TLS 1.0/1.1)
+            true    // validateCert = true
        );
        
        // Configure SSL certificates for HTTPS
@ -140,16 +155,21 @@ bool GetbinClient::upload(const std::string& archivePath, std::string& outUrl, s
        
        auto client = drogon::HttpClient::newHttpClient(
            "https://" + std::string(SERVER_HOST), 
-            &loop
+            &loop,
+            false,  // useOldTLS = false (disable TLS 1.0/1.1)
+            true    // validateCert = true
        );
        
        // Configure SSL certificates
        std::string ca_path = find_ca_certificates();
+        std::vector<std::pair<std::string, std::string>> sslConfigs;
        if (!ca_path.empty()) {
-            std::vector<std::pair<std::string, std::string>> sslConfigs;
            sslConfigs.push_back({"VerifyCAFile", ca_path});
-            client->addSSLConfigs(sslConfigs);
-        } else {
+        }
+        // Configure SSL for secure connections
+        client->addSSLConfigs(sslConfigs);
+        
+        if (ca_path.empty()) {
            std::cerr << "[GetbinClient] Warning: No system CA certificates found. SSL verification may fail." << std::endl;
        }
        
@ -237,16 +257,21 @@ bool GetbinClient::getHash(const std::string& toolName, const std::string& arch,
        
        auto client = drogon::HttpClient::newHttpClient(
            "https://" + std::string(SERVER_HOST), 
-            &loop
+            &loop,
+            false,  // useOldTLS = false (disable TLS 1.0/1.1)
+            true    // validateCert = true
        );
        
        // Configure SSL certificates
        std::string ca_path = find_ca_certificates();
+        std::vector<std::pair<std::string, std::string>> sslConfigs;
        if (!ca_path.empty()) {
-            std::vector<std::pair<std::string, std::string>> sslConfigs;
            sslConfigs.push_back({"VerifyCAFile", ca_path});
-            client->addSSLConfigs(sslConfigs);
-        } else {
+        }
+        // Configure SSL for secure connections
+        client->addSSLConfigs(sslConfigs);
+        
+        if (ca_path.empty()) {
            std::cerr << "[GetbinClient] Warning: No system CA certificates found. SSL verification may fail." << std::endl;
        }
        
@ -311,16 +336,21 @@ bool GetbinClient::deleteObject(const std::string& hash, const std::string& toke
        
        auto client = drogon::HttpClient::newHttpClient(
            "https://" + std::string(SERVER_HOST), 
-            &loop
+            &loop,
+            false,  // useOldTLS = false (disable TLS 1.0/1.1)
+            true    // validateCert = true
        );
        
        // Configure SSL certificates
        std::string ca_path = find_ca_certificates();
+        std::vector<std::pair<std::string, std::string>> sslConfigs;
        if (!ca_path.empty()) {
-            std::vector<std::pair<std::string, std::string>> sslConfigs;
            sslConfigs.push_back({"VerifyCAFile", ca_path});
-            client->addSSLConfigs(sslConfigs);
-        } else {
+        }
+        // Configure SSL for secure connections
+        client->addSSLConfigs(sslConfigs);
+        
+        if (ca_path.empty()) {
            std::cerr << "[GetbinClient] Warning: No system CA certificates found. SSL verification may fail." << std::endl;
        }
        
@ -389,12 +419,18 @@ bool GetbinClient::listPackages(std::vector<std::string>& outPackages) {
    std::thread worker([&]() {
        trantor::EventLoop loop;
        
-        auto client = drogon::HttpClient::newHttpClient("https://" + std::string(SERVER_HOST), &loop, true, false);
+        auto client = drogon::HttpClient::newHttpClient(
+            "https://" + std::string(SERVER_HOST), 
+            &loop,
+            false,  // useOldTLS = false (disable TLS 1.0/1.1)
+            true    // validateCert = true
+        );
+        std::vector<std::pair<std::string, std::string>> sslConfigs;
        if (!ca_path.empty()) {
-            std::vector<std::pair<std::string, std::string>> sslConfigs;
            sslConfigs.push_back({"VerifyCAFile", ca_path});
-            client->addSSLConfigs(sslConfigs);
        }
+        // Configure SSL for secure connections
+        client->addSSLConfigs(sslConfigs);
        
        auto req = drogon::HttpRequest::newHttpRequest();
        req->setMethod(drogon::Get);