Merge pull request rackspace#597 from jamiehannaford/db-cipher-fix

Jamie Hannaford · Jamie Hannaford · commit 17d35e0491a6 · 2015-05-13T12:08:11.000+02:00
Removing custom cipher list for DB service
diff --git a/lib/OpenCloud/Database/Service.php b/lib/OpenCloud/Database/Service.php
@@ -105,39 +105,4 @@ public function datastoreList($params = array())
 
         return $this->resourceList('Datastore', $url);
     }
-
-    /**
-     * {@inheritDoc}
-     */
-    public function setClient(ClientInterface $client)
-    {
-        // The Rackspace Cloud Databases service only supports the
-        // RC4 SSL cipher which is not supported by modern OpenSSL clients.
-        // Until the service can support additional, more modern and secure
-        // ciphers, this SDK has to ask curl to allow using the weaker
-        // cipher. For more information, see https://github.com/rackspace/php-opencloud/issues/560
-
-        $curlOptions = $client->getConfig()->get('curl.options');
-        $curlOptions['CURLOPT_SSL_CIPHER_LIST'] = static::getSslCipherList();
-        $client->getConfig()->set('curl.options', $curlOptions);
-
-        $logMessage = 'The SDK is using a custom cipher suite when connecting '
-                    . 'to the Rackspace Cloud Databases service. This suite contains '
-                    . 'a weak cipher (RC4) so please use at your own risk. See '
-                    . 'https://github.com/rackspace/php-opencloud/issues/560 for details.';
-        $client->getLogger()->critical($logMessage);
-
-        $this->client = $client;
-    }
-
-    /**
-     * @see https://github.com/rackspace/php-opencloud/issues/560#issuecomment-81790778
-     */
-    public static function getSslCipherList()
-    {
-        return 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:'
-            . 'ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:ECDH+3DES:'
-            . 'DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES:'
-            . 'ECDH+RC4:DH+RC4:RSA+RC4:!aNULL:!eNULL:!MD5';
-    }
 }
diff --git a/lib/OpenCloud/Version.php b/lib/OpenCloud/Version.php
@@ -27,7 +27,7 @@
  */
 class Version
 {
-    const VERSION = '1.14.0';
+    const VERSION = '1.14.2';
 
     /**
      * @return string Indicate current SDK version.
diff --git a/tests/OpenCloud/Tests/Database/ServiceTest.php b/tests/OpenCloud/Tests/Database/ServiceTest.php
@@ -73,12 +73,4 @@ public function testDatastoreList()
     {
         $this->assertInstanceOf(self::COLLECTION_CLASS, $this->service->datastoreList());
     }
-
-    public function testClientUsesCustomCipherSuite()
-    {
-        $client = $this->service->getClient();
-        $curlOptions = $client->getConfig('curl.options');
-        $this->assertEquals(Service::getSslCipherList(), $curlOptions['CURLOPT_SSL_CIPHER_LIST']);
-        $this->assertCriticalMessageWasLogged();
-    }
 }

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@`
`27`	`27`	`*/`
`28`	`28`	`class Version`
`29`	`29`	`{`
`30`		`- const VERSION = '1.14.0';`
	`30`	`+ const VERSION = '1.14.2';`
`31`	`31`
`32`	`32`	`/**`
`33`	`33`	`* @return string Indicate current SDK version.`
Original file line number	Diff line number	Diff line change
`@@ -73,12 +73,4 @@ public function testDatastoreList()`
`73`	`73`	`{`
`74`	`74`	`$this->assertInstanceOf(self::COLLECTION_CLASS, $this->service->datastoreList());`
`75`	`75`	`}`
`76`		`-`
`77`		`- public function testClientUsesCustomCipherSuite()`
`78`		`- {`
`79`		`- $client = $this->service->getClient();`
`80`		`- $curlOptions = $client->getConfig('curl.options');`
`81`		`- $this->assertEquals(Service::getSslCipherList(), $curlOptions['CURLOPT_SSL_CIPHER_LIST']);`
`82`		`- $this->assertCriticalMessageWasLogged();`
`83`		`- }`
`84`	`76`	`}`