Index: include/func/func.https_curl.php diff -u include/func/func.https_curl.php:1.2.2.6 include/func/func.https_curl.php:1.2.2.7 --- include/func/func.https_curl.php:1.2.2.6 Thu Feb 5 13:39:29 2009 +++ include/func/func.https_curl.php Tue Apr 28 15:11:23 2009 @@ -70,7 +70,7 @@ # $rbody [string] # $rbody = "..."; -function func_https_request_curl($method, $url, $data="", $join="&", $cookie="", $conttype="application/x-www-form-urlencoded", $referer="", $cert="", $kcert="", $headers="", $timeout = 0) { +function func_https_request_curl($method, $url, $data="", $join="&", $cookie="", $conttype="application/x-www-form-urlencoded", $referer="", $cert="", $kcert="", $headers="", $timeout = 0, $use_ssl3 = false) { global $config; if ($method != "POST" && $method != "GET") @@ -166,6 +166,10 @@ } } + # SSL 3 + if ($use_ssl3) + $execline .= ' --sslv3'; + $fp = popen($execline." ".func_shellquote($url)." 2>".func_shellquote($tmpfile), "r"); if (!$fp) { @unlink($tmpfile); Index: include/func/func.https_httpscli.php diff -u include/func/func.https_httpscli.php:1.3.2.3 include/func/func.https_httpscli.php:1.3.2.4 --- include/func/func.https_httpscli.php:1.3.2.3 Thu Feb 5 13:39:29 2009 +++ include/func/func.https_httpscli.php Tue Apr 28 15:11:23 2009 @@ -72,8 +72,8 @@ # bin/https_cli.c -function func_https_request_httpscli($method, $url, $data="", $join="&", $cookie="", $conttype="application/x-www-form-urlencoded", $referer="", $cert="", $kcert="", $headers="") -{ +function func_https_request_httpscli($method, $url, $data="", $join="&", $cookie="", $conttype="application/x-www-form-urlencoded", $referer="", $cert="", $kcert="", $headers="", $timeout = 0, $use_ssl3 = false) { + if ($method != "POST" && $method != "GET") return array("0","X-Cart HTTPS: Invalid method"); Index: include/func/func.https_libcurl.php diff -u include/func/func.https_libcurl.php:1.3.2.11 include/func/func.https_libcurl.php:1.3.2.12 --- include/func/func.https_libcurl.php:1.3.2.11 Thu Feb 5 13:39:29 2009 +++ include/func/func.https_libcurl.php Tue Apr 28 15:11:23 2009 @@ -86,7 +86,7 @@ return strlen($args[1]); } -function func_https_request_libcurl($method, $url, $data="", $join="&", $cookie="", $conttype="application/x-www-form-urlencoded", $referer="", $cert="", $kcert="", $headers="", $timeout = 0) { +function func_https_request_libcurl($method, $url, $data="", $join="&", $cookie="", $conttype="application/x-www-form-urlencoded", $referer="", $cert="", $kcert="", $headers="", $timeout = 0, $use_ssl3 = false) { global $config; if (intval($timeout) <= 0) @@ -154,6 +154,10 @@ curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 1); } + + if ($use_ssl3) + curl_setopt ($ch, CURLOPT_SSLVERSION, 3); + if( $method == 'GET' ) curl_setopt ($ch, CURLOPT_HTTPGET, 1); else { Index: include/func/func.https_openssl.php diff -u include/func/func.https_openssl.php:1.2.2.3 include/func/func.https_openssl.php:1.2.2.4 --- include/func/func.https_openssl.php:1.2.2.3 Thu Feb 5 13:39:29 2009 +++ include/func/func.https_openssl.php Tue Apr 28 15:11:23 2009 @@ -73,8 +73,8 @@ # [15:53][mclap@rrf:S4][~]$ openssl version # OpenSSL 0.9.7a Feb 19 2003 -function func_https_request_openssl($method, $url, $data="", $join="&", $cookie="", $conttype="application/x-www-form-urlencoded", $referer="", $cert="", $kcert="", $headers="") -{ +function func_https_request_openssl($method, $url, $data="", $join="&", $cookie="", $conttype="application/x-www-form-urlencoded", $referer="", $cert="", $kcert="", $headers="", $timeout = 0, $use_ssl3 = false) { + if ($method != "POST" && $method != "GET") return array("0","X-Cart HTTPS: Invalid method"); @@ -95,6 +95,9 @@ if ($cert) $args[] = '-cert '.func_shellquote($cert); if ($kcert) $args[] = '-key '.func_shellquote($kcert); + if ($use_ssl3) + $args[] = '-ssl3'; + $request = func_https_prepare_request($method, $ui,$data,$join,$cookie,$conttype,$referer,$headers); $tmpfile = func_temp_store($request); $tmpignore = func_temp_store(''); Index: include/func/func.https_ssleay.php diff -u include/func/func.https_ssleay.php:1.2.2.3 include/func/func.https_ssleay.php:1.2.2.4 --- include/func/func.https_ssleay.php:1.2.2.3 Thu Feb 5 13:39:29 2009 +++ include/func/func.https_ssleay.php Tue Apr 28 15:11:23 2009 @@ -70,8 +70,8 @@ # $rbody [string] # $rbody = "..."; -function func_https_request_ssleay($method, $url, $data="", $join="&", $cookie="", $conttype="application/x-www-form-urlencoded", $referer="", $cert="", $kcert="", $headers="") -{ +function func_https_request_ssleay($method, $url, $data="", $join="&", $cookie="", $conttype="application/x-www-form-urlencoded", $referer="", $cert="", $kcert="", $headers="", $timeout = 0, $use_ssl3 = false) { + global $config; global $xcart_dir; @@ -98,7 +98,7 @@ return array(0, "X-Cart HTTPS: cannot create temporaly file"); $ignorefile = func_temp_store(""); - $execline .= " $ui[host] $ui[port] ".func_shellquote($cert).' '.func_shellquote($kcert).' < '.func_shellquote($tmpfile).' 2>'.func_shellquote($ignorefile); + $execline .= " $ui[host] $ui[port] " . ($use_ssl3 ? '1' : '0') . ' ' . func_shellquote($cert) . ' ' . func_shellquote($kcert) . ' < ' . func_shellquote($tmpfile) . ' 2>' . func_shellquote($ignorefile); $fp = popen($execline, "r"); if (!$fp) Index: payment/netssleay.pl diff -u payment/netssleay.pl:1.14 payment/netssleay.pl:1.14.2.1 --- payment/netssleay.pl:1.14 Wed Apr 13 11:17:19 2005 +++ payment/netssleay.pl Tue Apr 28 15:11:23 2009 @@ -1,20 +1,25 @@ #!/usr/bin/perl # -# $Id: netssleay.pl,v 1.14 2005/04/13 07:17:19 mclap Exp $ +# $Id: netssleay.pl,v 1.14.2.1 2009/04/28 11:11:23 aim Exp $ # require Net::SSLeay; Net::SSLeay->import ( qw(sslcat)); $Net::SSLeay::slowly = 5; # Add sleep so broken servers can keep up -if ($#ARGV<1) { +if ($#ARGV < 1) { print <) { $request .= $_; Index: shipping/mod_UPS.php diff -u shipping/mod_UPS.php:1.42.2.27 shipping/mod_UPS.php:1.42.2.28 --- shipping/mod_UPS.php:1.42.2.27 Thu Feb 5 13:39:43 2009 +++ shipping/mod_UPS.php Tue Apr 28 15:11:23 2009 @@ -388,7 +388,7 @@ return; } - list ($a,$result) = func_https_request("POST",$UPS_url."Rate",$post,"","","text/xml"); + list ($a,$result) = func_https_request("POST",$UPS_url."Rate",$post,"","","text/xml", "", "", "", "", 0, true); $init_intershipper_rates = $intershipper_rates;