Thread: POODLE vulnerability in SSLv3
View Single Post
  #113  
Old 11-19-2014, 03:19 AM
 
aim aim is offline
Advanced Staff Users
  

X-Cart team
   
Join Date: Dec 2008
Posts: 928
 
Default Re: POODLE vulnerability in SSLv3
Quote:
Originally Posted by peakay
Ksenia (or anyone else),

What if any patches need to be made to 4.1.8 connecting to PayPal for credit card processing? I've read through each page of this thread and am not coming up with a clear answer.

Thanks!

Do you have the stock 4.1.8 https modules ?
include/func/func.https_curl.php include/func/func.https_openssl.php
include/func/func.https_libcurl.php include/func/func.https_ssleay.php


Do you have the 'use_ssl' string in the files ?

Code:
aim-server[~/www/xcart_4_6_x]$ grep -r  use_ssl ~/www/xcart/4_6_3_gold/include/func/func.https* 
/home/aim/www/xcart/4_6_3_gold/include/func/func.https_curl.php:function func_https_request_curl($method, $url, $data="", $join="&", $cookie="", $conttype="application/x-www-form-urlencoded", $referer="", $cert="", $kcert="", $headers="", $timeout = 0, $use_ssl3 = false)
/home/aim/www/xcart/4_6_3_gold/include/func/func.https_curl.php:    if ($use_ssl3)
/home/aim/www/xcart/4_6_3_gold/include/func/func.https_libcurl.php:function func_https_request_libcurl($method, $url, $data="", $join="&", $cookie="", $conttype="application/x-www-form-urlencoded", $referer="", $cert="", $kcert="", $headers="", $timeout = 0, $use_ssl3 = false)
/home/aim/www/xcart/4_6_3_gold/include/func/func.https_libcurl.php:    return func_request_libcurl($method, $url, $data, $join, $cookie, $conttype, $referer, $cert, $kcert, $headers, $timeout, $use_ssl3, true);
/home/aim/www/xcart/4_6_3_gold/include/func/func.https_libcurl.php:function func_request_libcurl($method, $url, $data="", $join="&", $cookie="", $conttype="application/x-www-form-urlencoded", $referer="", $cert="", $kcert="", $headers="", $timeout = 0, $use_ssl3 = false, $_https=true)
/home/aim/www/xcart/4_6_3_gold/include/func/func.https_libcurl.php:    if ($use_ssl3)
/home/aim/www/xcart/4_6_3_gold/include/func/func.https_openssl.php:function func_https_request_openssl($method, $url, $data="", $join="&", $cookie="", $conttype="application/x-www-form-urlencoded", $referer="", $cert="", $kcert="", $headers="", $timeout = 0, $use_ssl3 = false)
/home/aim/www/xcart/4_6_3_gold/include/func/func.https_openssl.php:    if ($use_ssl3)
/home/aim/www/xcart/4_6_3_gold/include/func/func.https_ssleay.php:function func_https_request_ssleay($method, $url, $data="", $join="&", $cookie="", $conttype="application/x-www-form-urlencoded", $referer="", $cert="", $kcert="", $headers="", $timeout = 0, $use_ssl3 = false)
/home/aim/www/xcart/4_6_3_gold/include/func/func.https_ssleay.php:    $execline .= " $ui[host] $ui[port] " . ($use_ssl3 ? '1' : '0') . ' ' . func_shellquote($cert) . ' ' . func_shellquote($kcert) . ' < ' . func_shellquote($tmpfile) . ' 2>' . func_shellquote($ignorefile);
aim-server[~/www/xcart_4_6_x]$
__________________
Sincerely yours,
Ildar Amankulov
Head of Maintenance group
Reply With Quote