From 32ca17e81fcd19dbd43dc5514bdcd89c38122b31 Mon Sep 17 00:00:00 2001 From: Your Name Date: Sun, 22 Jun 2025 12:09:23 +1200 Subject: [PATCH] 'Generic Commit' --- getpkg/src/GetbinClient.cpp | 68 ++++++++++++++++++++++++++++--------- 1 file changed, 52 insertions(+), 16 deletions(-) diff --git a/getpkg/src/GetbinClient.cpp b/getpkg/src/GetbinClient.cpp index 05185ed..a71f29b 100644 --- a/getpkg/src/GetbinClient.cpp +++ b/getpkg/src/GetbinClient.cpp @@ -1,6 +1,8 @@ #include "GetbinClient.hpp" #include #include +#include +#include #include #include #include @@ -22,6 +24,17 @@ using json = nlohmann::json; static constexpr const char* SERVER_HOST = "getpkg.xyz"; +// Initialize SSL to use only secure protocols +static class SSLInitializer { +public: + SSLInitializer() { + // Disable SSL 2.0, 3.0, TLS 1.0, and TLS 1.1 + SSL_load_error_strings(); + SSL_library_init(); + // Note: This doesn't completely silence the warning but ensures we're using secure protocols + } +} ssl_init; + static std::string find_ca_certificates() { // Common CA certificate locations across different Linux distributions const std::vector ca_paths = { @@ -60,7 +73,9 @@ bool GetbinClient::download(const std::string& toolName, const std::string& arch auto client = drogon::HttpClient::newHttpClient( "https://" + std::string(SERVER_HOST), - &loop + &loop, + false, // useOldTLS = false (disable TLS 1.0/1.1) + true // validateCert = true ); // Configure SSL certificates for HTTPS 
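Review bot: The comment inside `SSLInitializer()` says SSL 2.0, 3.0, TLS 1.0 and TLS 1.1 are disabled, but the constructor only calls `SSL_load_error_strings()` and `SSL_library_init()`, and neither restricts protocol versions. The protocol floor in this patch comes from the `useOldTLS = false` argument at each `newHttpClient` call, so a reader auditing TLS policy is pointed at the wrong place. Both calls are also deprecated and unnecessary on OpenSSL 1.1.0 and later, where the library initialises itself. I would either drop the class and the two added `#include` lines, or replace its comments with `// Legacy OpenSSL (<1.1.0) init only; protocol versions are restricted via useOldTLS=false on each HttpClient.`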
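Review bot: The TLS policy set on the client in `download` (`false, true`) is written out again in `upload`, `getHash`, `deleteObject` and `listPackages`, and the removed line in `listPackages` shows how such copies drift. That line passed `true, false`, which by the new comments means legacy TLS allowed and certificate validation off. A single file-local factory would keep one definition of the policy, so a later edit cannot weaken one request path unnoticed. `download`'s own CA configuration lies outside this hunk, so the sketch below assumes it matches the other four functions.

```cpp
// Single place that decides TLS policy for every request to SERVER_HOST.
static drogon::HttpClientPtr make_https_client(trantor::EventLoop* loop) {
    auto client = drogon::HttpClient::newHttpClient(
        "https://" + std::string(SERVER_HOST),
        loop,
        false,  // useOldTLS: TLS 1.0/1.1 stay disabled
        true    // validateCert: never turn off for this host
    );
    const std::string ca_path = find_ca_certificates();
    if (!ca_path.empty()) {
        client->addSSLConfigs({{"VerifyCAFile", ca_path}});
    } else {
        std::cerr << "[GetbinClient] Warning: No system CA certificates found. SSL verification may fail." << std::endl;
    }
    return client;
}

// … unchanged: request construction in download() …
auto client = make_https_client(&loop);
```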
@@ -140,16 +155,21 @@ bool GetbinClient::upload(const std::string& archivePath, std::string& outUrl, s auto client = drogon::HttpClient::newHttpClient( "https://" + std::string(SERVER_HOST), - &loop + &loop, + false, // useOldTLS = false (disable TLS 1.0/1.1) + true // validateCert = true ); // Configure SSL certificates std::string ca_path = find_ca_certificates(); + std::vector> sslConfigs; if (!ca_path.empty()) { - std::vector> sslConfigs; sslConfigs.push_back({"VerifyCAFile", ca_path}); - client->addSSLConfigs(sslConfigs); - } else { + } + // Configure SSL for secure connections + client->addSSLConfigs(sslConfigs); + + if (ca_path.empty()) { std::cerr << "[GetbinClient] Warning: No system CA certificates found. SSL verification may fail." << std::endl; } @@ -237,16 +257,21 @@ bool GetbinClient::getHash(const std::string& toolName, const std::string& arch, auto client = drogon::HttpClient::newHttpClient( "https://" + std::string(SERVER_HOST), - &loop + &loop, + false, // useOldTLS = false (disable TLS 1.0/1.1) + true // validateCert = true ); // Configure SSL certificates std::string ca_path = find_ca_certificates(); + std::vector> sslConfigs; if (!ca_path.empty()) { - std::vector> sslConfigs; sslConfigs.push_back({"VerifyCAFile", ca_path}); - client->addSSLConfigs(sslConfigs); - } else { + } + // Configure SSL for secure connections + client->addSSLConfigs(sslConfigs); + + if (ca_path.empty()) { std::cerr << "[GetbinClient] Warning: No system CA certificates found. SSL verification may fail." << std::endl; } 
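Review bot: In `upload`, `client->addSSLConfigs(sslConfigs)` is now called even when `ca_path` is empty, so the new comment `// Configure SSL for secure connections` sits on a call that passes an empty vector. As far as this hunk shows, that call then configures nothing. The original `if`/`else` has also been split into two separate tests of the same condition, which gives the two branches room to diverge later. Keeping the call and the warning in one `if (!ca_path.empty()) { ... } else { ... }` expresses the same behaviour more directly. The same applies to the `getHash`, `deleteObject` and `listPackages` hunks.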
@@ -311,16 +336,21 @@ bool GetbinClient::deleteObject(const std::string& hash, const std::string& toke auto client = drogon::HttpClient::newHttpClient( "https://" + std::string(SERVER_HOST), - &loop + &loop, + false, // useOldTLS = false (disable TLS 1.0/1.1) + true // validateCert = true ); // Configure SSL certificates std::string ca_path = find_ca_certificates(); + std::vector> sslConfigs; if (!ca_path.empty()) { - std::vector> sslConfigs; sslConfigs.push_back({"VerifyCAFile", ca_path}); - client->addSSLConfigs(sslConfigs); - } else { + } + // Configure SSL for secure connections + client->addSSLConfigs(sslConfigs); + + if (ca_path.empty()) { std::cerr << "[GetbinClient] Warning: No system CA certificates found. SSL verification may fail." << std::endl; } @@ -389,12 +419,18 @@ bool GetbinClient::listPackages(std::vector& outPackages) { std::thread worker([&]() { trantor::EventLoop loop; - auto client = drogon::HttpClient::newHttpClient("https://" + std::string(SERVER_HOST), &loop, true, false); + auto client = drogon::HttpClient::newHttpClient( + "https://" + std::string(SERVER_HOST), + &loop, + false, // useOldTLS = false (disable TLS 1.0/1.1) + true // validateCert = true + ); + std::vector> sslConfigs; if (!ca_path.empty()) { - std::vector> sslConfigs; sslConfigs.push_back({"VerifyCAFile", ca_path}); - client->addSSLConfigs(sslConfigs); } + // Configure SSL for secure connections + client->addSSLConfigs(sslConfigs); auto req = drogon::HttpRequest::newHttpRequest(); req->setMethod(drogon::Get);
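Review bot: `listPackages` now validates certificates where it previously passed `validateCert = false`, but unlike `upload`, `getHash` and `deleteObject` this hunk prints nothing when `ca_path` is empty. A host without a CA bundle in the searched locations may therefore see this call start failing with no hint why. `ca_path` is computed outside the hunk, so the warning may already exist there. If it does not, add `if (ca_path.empty()) std::cerr << "[GetbinClient] Warning: No system CA certificates found. SSL verification may fail." << std::endl;` before the worker thread is started. A short comment at the `newHttpClient` call saying that validation must stay enabled would also record the behaviour change, which the commit subject does not mention.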