diff options
author | Thomas Haller <thaller@redhat.com> | 2022-02-23 17:51:32 +0100 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2022-02-24 09:37:58 +0100 |
commit | 7a1734926a4d053080c1d57fb29602bc5bb49f20 (patch) | |
tree | 944e4c73310f30ef96c51fa08c45dae08216fe38 | |
parent | 9f6114afe884fc56d19bbfbdf22a0b68d907d0cd (diff) | |
download | NetworkManager-7a1734926a4d053080c1d57fb29602bc5bb49f20.tar.gz |
connectivity,cloud-setup: restrict curl protocols to HTTP and HTTPS
See-also: https://fedoraproject.org/wiki/Changes/CurlMinimal_as_Default#Benefit_to_Fedora
See-also: https://github.com/systemd/systemd/commit/55b90ee00b78a449c8f187a5e8141f8ccb100bf4
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1121
-rw-r--r-- | src/core/nm-connectivity.c | 1 | ||||
-rw-r--r-- | src/nm-cloud-setup/nm-http-client.c | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/src/core/nm-connectivity.c b/src/core/nm-connectivity.c index 7199c9a242..eee837be17 100644 --- a/src/core/nm-connectivity.c +++ b/src/core/nm-connectivity.c @@ -694,6 +694,7 @@ do_curl_request(NMConnectivityCheckHandle *cb_data) curl_easy_setopt(ehandle, CURLOPT_INTERFACE, cb_data->ifspec); curl_easy_setopt(ehandle, CURLOPT_RESOLVE, cb_data->concheck.hosts); curl_easy_setopt(ehandle, CURLOPT_IPRESOLVE, resolve); + curl_easy_setopt(ehandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); curl_multi_add_handle(mhandle, ehandle); } diff --git a/src/nm-cloud-setup/nm-http-client.c b/src/nm-cloud-setup/nm-http-client.c index 2f71cefa3d..7ef9f38d34 100644 --- a/src/nm-cloud-setup/nm-http-client.c +++ b/src/nm-cloud-setup/nm-http-client.c @@ -305,6 +305,7 @@ nm_http_client_get(NMHttpClient *self, curl_easy_setopt(edata->ehandle, CURLOPT_WRITEFUNCTION, _get_writefunction_cb); curl_easy_setopt(edata->ehandle, CURLOPT_WRITEDATA, edata); curl_easy_setopt(edata->ehandle, CURLOPT_PRIVATE, edata); + curl_easy_setopt(edata->ehandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); if (http_headers) { for (i = 0; http_headers[i]; ++i) { |