From 210571b503b8d84233488386805e136bf3a4401a Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 23 Feb 2022 17:51:32 +0100
Subject: [PATCH] connectivity,cloud-setup: restrict curl protocols to HTTP and
 HTTPS

See-also: https://fedoraproject.org/wiki/Changes/CurlMinimal_as_Default#Benefit_to_Fedora
See-also: https://github.com/systemd/systemd/commit/55b90ee00b78a449c8f187a5e8141f8ccb100bf4

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1121
(cherry picked from commit 7a1734926a4d053080c1d57fb29602bc5bb49f20)
---
 src/core/nm-connectivity.c          | 1 +
 src/nm-cloud-setup/nm-http-client.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/core/nm-connectivity.c b/src/core/nm-connectivity.c
index 7199c9a242..eee837be17 100644
--- a/src/core/nm-connectivity.c
+++ b/src/core/nm-connectivity.c
@@ -694,6 +694,7 @@ do_curl_request(NMConnectivityCheckHandle *cb_data)
     curl_easy_setopt(ehandle, CURLOPT_INTERFACE, cb_data->ifspec);
     curl_easy_setopt(ehandle, CURLOPT_RESOLVE, cb_data->concheck.hosts);
     curl_easy_setopt(ehandle, CURLOPT_IPRESOLVE, resolve);
+    curl_easy_setopt(ehandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
 
     curl_multi_add_handle(mhandle, ehandle);
 }
diff --git a/src/nm-cloud-setup/nm-http-client.c b/src/nm-cloud-setup/nm-http-client.c
index 2f71cefa3d..7ef9f38d34 100644
--- a/src/nm-cloud-setup/nm-http-client.c
+++ b/src/nm-cloud-setup/nm-http-client.c
@@ -305,6 +305,7 @@ nm_http_client_get(NMHttpClient       *self,
     curl_easy_setopt(edata->ehandle, CURLOPT_WRITEFUNCTION, _get_writefunction_cb);
     curl_easy_setopt(edata->ehandle, CURLOPT_WRITEDATA, edata);
     curl_easy_setopt(edata->ehandle, CURLOPT_PRIVATE, edata);
+    curl_easy_setopt(edata->ehandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
 
     if (http_headers) {
         for (i = 0; http_headers[i]; ++i) {