--- loncom/LondConnection.pm 2004/06/17 10:15:46 1.32
+++ loncom/LondConnection.pm 2004/09/14 11:46:29 1.34
@@ -1,7 +1,7 @@
 # This module defines and implements a class that represents
 # a connection to a lond daemon.
 #
-# $Id: LondConnection.pm,v 1.32 2004/06/17 10:15:46 foxr Exp $
+# $Id: LondConnection.pm,v 1.34 2004/09/14 11:46:29 foxr Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -259,8 +259,8 @@ sub new {
 return undef; # Inidicates the socket could not be made.
 }
 my $socket = $self->{Socket}; # For local use only.
- # If we are local, we'll first try local auth mode, otherwise, we'll try the
- # ssl auth mode:
+ # If we are local, we'll first try local auth mode, otherwise, we'll try
+ # the ssl auth mode:
 Debug(8, "Connecting to $DnsName I am $LocalDns");
 my $key;
@@ -290,10 +290,29 @@ sub new {
 return undef;
 }
- }
+ }
 else {
- $self->{AuthenticationMode} = "ssl";
- $self->{TransactionRequest} = "init:ssl\n";
+ # Remote peer: I'd like to do ssl, but if my host key or certificates
+ # are not all installed, my only choice is insecure, if that's
+ # allowed:
+
+ my ($ca, $cert) = lonssl::CertificateFile;
+ my $sslkeyfile = lonssl::KeyFile;
+
+ if((defined $ca) && (defined $cert) && (defined $sslkeyfile)) {
+
+ $self->{AuthenticationMode} = "ssl";
+ $self->{TransactionRequest} = "init:ssl\n";
+ } else {
+ if($InsecureOk) { # Allowed to do insecure:
+ $self->{AuthenticationMode} = "insecure";
+ $self->{TransactionRequest} = "init\n";
+ }
+ else { # Not allowed to do insecure...
+ $socket->close;
+ return undef;
+ }
+ }
 }
 #
@@ -533,7 +552,7 @@ sub Readable {
 my $answer = $self->{TransactionReply};
 if($answer =~ /^enc\:/) {
 $answer = $self->Decrypt($answer);
- $self->{TransactionReply} = $answer;
+ $self->{TransactionReply} = "$answer\n";
 }
 # finish the transaction
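Review bot: The new remote-peer branch in `sub new` falls back to `init\n` (AuthenticationMode "insecure") without recording it anywhere, so a host whose key or certificates have gone missing silently stops using ssl whenever `$InsecureOk` is true. I would log both outcomes before acting, for example `Debug(1, "ssl key/certs not installed; using insecure init to $DnsName");` in the `$InsecureOk` arm (level chosen so it shows in normal operation) and a matching message before `$socket->close;`, so the downgrade and the refusal can be told apart from the socket-creation failure that also returns undef. The test is only `defined` on the values returned by `lonssl::CertificateFile` and `lonssl::KeyFile`; whether those helpers confirm the files exist and are readable is not visible here and is worth checking. `$InsecureOk` is set outside this hunk, and `sub new` starts and ends outside it.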
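Review bot: The newline appended in `$self->{TransactionReply} = "$answer\n";` in `sub Readable` has no comment explaining why only the decrypted path needs it. Presumably Decrypt returns the payload cut to `$length` without a line terminator while a cleartext reply still carries one; if that is right, a comment such as `# Decrypt() drops the terminator; put it back so encrypted and cleartext replies are framed alike` would keep a later cleanup from removing it. It is also worth confirming that Decrypt cannot return a string that already ends in a newline, since consumers would then see an extra empty line. `sub Readable` begins and ends outside the hunk.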
@@ -931,6 +950,7 @@ sub Decrypt {
 # $length tells us the actual length of the decrypted string:
 $decrypted = substr($decrypted, 0, $length);
+ Debug(9, "Decrypted $EncryptedString to $decrypted");
 return $decrypted;
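Review bot: The added `Debug(9, "Decrypted $EncryptedString to $decrypted");` writes the cleartext of every encrypted reply to the debug output, which undoes the protection the encrypted exchange gives that data for anyone who can read the log once level 9 is on. I would log sizes rather than content, `Debug(9, "Decrypted ".length($EncryptedString)." bytes to ".length($decrypted)." bytes");`, or drop the line once the debugging is done. Where Debug writes and who can read it is not visible in this hunk. `sub Decrypt` begins outside the hunk.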