|
version 1.55, 2017/10/20 20:20:21
|
version 1.56, 2018/07/29 03:03:36
|
|
Line 43 use LONCAPA::lonssl;
|
Line 43 use LONCAPA::lonssl;
|
| my $DebugLevel=0; |
my $DebugLevel=0; |
| my %perlvar; |
my %perlvar; |
| my %secureconf; |
my %secureconf; |
| |
my %badcerts; |
| my %hosttypes; |
my %hosttypes; |
| my $InsecureOk; |
my $InsecureOk; |
| |
|
|
Line 79 sub ReadConfig {
|
Line 80 sub ReadConfig {
|
| unless (lonssl::Read_Host_Types(\%hosttypes,\%perlvar) eq 'ok') { |
unless (lonssl::Read_Host_Types(\%hosttypes,\%perlvar) eq 'ok') { |
| Debug(1,"Failed to retrieve hosttypes hash.\n"); |
Debug(1,"Failed to retrieve hosttypes hash.\n"); |
| } |
} |
| |
undef(%badcerts); |
| } |
} |
| |
|
| sub ResetReadConfig { |
sub ResetReadConfig { |
|
Line 172 sub new {
|
Line 174 sub new {
|
| } |
} |
| &Debug(4,$class."::new( ".$DnsName.",".$Port.",".$lonid.")\n"); |
&Debug(4,$class."::new( ".$DnsName.",".$Port.",".$lonid.")\n"); |
| |
|
| |
my ($conntype,$gotconninfo,$allowinsecure); |
| |
if ((ref($secureconf{'connto'}) eq 'HASH') && |
| |
(exists($hosttypes{$lonid}))) { |
| |
$conntype = $secureconf{'connto'}{$hosttypes{$lonid}}; |
| |
if ($conntype ne '') { |
| |
if ($conntype ne 'req') { |
| |
$allowinsecure = 1; |
| |
} |
| |
$gotconninfo = 1; |
| |
} |
| |
} |
| |
unless ($gotconninfo) { |
| |
$allowinsecure = $InsecureOk; |
| |
} |
| |
|
| # The host must map to an entry in the hosts table: |
# The host must map to an entry in the hosts table: |
| # We connect to the dns host that corresponds to that |
# We connect to the dns host that corresponds to that |
| # system and use the hostname for the encryption key |
# system and use the hostname for the encryption key |
|
Line 187 sub new {
|
Line 204 sub new {
|
| Port => $Port, |
Port => $Port, |
| State => "Initialized", |
State => "Initialized", |
| AuthenticationMode => "", |
AuthenticationMode => "", |
| |
InsecureOK => $allowinsecure, |
| TransactionRequest => "", |
TransactionRequest => "", |
| TransactionReply => "", |
TransactionReply => "", |
| NextRequest => "", |
NextRequest => "", |
|
Line 259 sub new {
|
Line 277 sub new {
|
| my ($ca, $cert) = lonssl::CertificateFile; |
my ($ca, $cert) = lonssl::CertificateFile; |
| my $sslkeyfile = lonssl::KeyFile; |
my $sslkeyfile = lonssl::KeyFile; |
| |
|
| my ($conntype,$gotconninfo); |
if (($conntype ne 'no') && (defined($ca)) && (defined($cert)) && (defined($sslkeyfile)) && |
| if ((ref($secureconf{'connto'}) eq 'HASH') && |
(!exists($badcerts{$self->{LoncapaHim}}))) { |
| (exists($hosttypes{$lonid}))) { |
|
| $conntype = $secureconf{'connto'}{$hosttypes{$lonid}}; |
|
| if ($conntype ne '') { |
|
| $gotconninfo = 1; |
|
| } |
|
| } |
|
| if (($conntype ne 'no') && (defined($ca)) && (defined($cert)) && (defined($sslkeyfile))) { |
|
| $self->{AuthenticationMode} = "ssl"; |
$self->{AuthenticationMode} = "ssl"; |
| $self->{TransactionRequest} = "init:ssl:$perlvar{'lonVersion'}\n"; |
$self->{TransactionRequest} = "init:ssl:$perlvar{'lonVersion'}\n"; |
| } elsif (($gotconninfo && $conntype ne 'req') || (!$gotconninfo && $InsecureOk)) { |
} elsif ($self->{InsecureOK}) { |
| # Allowed to do insecure: |
# Allowed to do insecure: |
| $self->{AuthenticationMode} = "insecure"; |
$self->{AuthenticationMode} = "insecure"; |
| $self->{TransactionRequest} = "init::$perlvar{'lonVersion'}\n"; |
$self->{TransactionRequest} = "init::$perlvar{'lonVersion'}\n"; |
|
Line 424 sub Readable {
|
Line 435 sub Readable {
|
| } |
} |
| elsif ($ConnectionMode eq "ssl") { |
elsif ($ConnectionMode eq "ssl") { |
| if($Response =~ /^ok:ssl/) { # Good ssl... |
if($Response =~ /^ok:ssl/) { # Good ssl... |
| if($self->ExchangeKeysViaSSL()) { # Success skip to vsn stuff |
my $sslresult = $self->ExchangeKeysViaSSL(); |
| |
if ($sslresult == 1) { # Success skip to vsn stuff |
| # Need to reset to non blocking: |
# Need to reset to non blocking: |
| |
|
| my $flags = fcntl($socket, F_GETFL, 0); |
my $flags = fcntl($socket, F_GETFL, 0); |
|
Line 433 sub Readable {
|
Line 445 sub Readable {
|
| return 0; |
return 0; |
| } |
} |
| else { # Failed in ssl exchange. |
else { # Failed in ssl exchange. |
| |
if (($sslresult == -1) && ($self->{InsecureOK})) { |
| |
$badcerts{$self->{LoncapaHim}} = 1; |
| |
} |
| &Debug(3,"init:ssl failed key negotiation!"); |
&Debug(3,"init:ssl failed key negotiation!"); |
| $self->Transition("Disconnected"); |
$self->Transition("Disconnected"); |
| $socket->close; |
$socket->close; |
|
Line 1027 sub CreateCipher {
|
Line 1042 sub CreateCipher {
|
| sub ExchangeKeysViaSSL { |
sub ExchangeKeysViaSSL { |
| my $self = shift; |
my $self = shift; |
| my $socket = $self->{Socket}; |
my $socket = $self->{Socket}; |
| |
my $peer = $self->{LoncapaHim}; |
| |
|
| # Get our signed certificate, the certificate authority's |
# Get our signed certificate, the certificate authority's |
| # certificate and our private key file. All of these |
# certificate and our private key file. All of these |
|
Line 1041 sub ExchangeKeysViaSSL {
|
Line 1057 sub ExchangeKeysViaSSL {
|
| my $SSLSocket = lonssl::PromoteClientSocket($socket, |
my $SSLSocket = lonssl::PromoteClientSocket($socket, |
| $SSLCACertificate, |
$SSLCACertificate, |
| $SSLCertificate, |
$SSLCertificate, |
| $SSLKey); |
$SSLKey, |
| |
$peer); |
| if(defined $SSLSocket) { |
if(defined $SSLSocket) { |
| my $key = <$SSLSocket>; |
my $key = <$SSLSocket>; |
| lonssl::Close($SSLSocket); |
lonssl::Close($SSLSocket); |
|
Line 1057 sub ExchangeKeysViaSSL {
|
Line 1074 sub ExchangeKeysViaSSL {
|
| else { |
else { |
| # Failed!! |
# Failed!! |
| Debug(3, "Failed to negotiate SSL connection!"); |
Debug(3, "Failed to negotiate SSL connection!"); |
| return 0; |
return -1; |
| } |
} |
| # should not get here |
# should not get here |
| return 0; |
return 0; |
|
Line 1082 sub ExchangeKeysViaSSL {
|
Line 1099 sub ExchangeKeysViaSSL {
|
| # |
# |
| sub CompleteInsecure { |
sub CompleteInsecure { |
| my $self = shift; |
my $self = shift; |
| $self->{LoncapaHim}; |
if ($self->{InsecureOK}) { |
| my ($conntype,$gotconninfo); |
|
| if ((ref($secureconf{'connto'}) eq 'HASH') && |
|
| (exists($hosttypes{$self->{LoncapaHim}}))) { |
|
| $conntype = $secureconf{'connto'}{$hosttypes{$self->{LoncapaHim}}}; |
|
| if ($conntype ne '') { |
|
| $gotconninfo = 1; |
|
| } |
|
| } |
|
| if ((($gotconninfo) && ($conntype ne 'req')) || (!$gotconninfo && $InsecureOk)) { |
|
| $self->{AuthenticationMode} = "insecure"; |
$self->{AuthenticationMode} = "insecure"; |
| &Debug(8," Transition out of Initialized:insecure"); |
&Debug(8," Transition out of Initialized:insecure"); |
| $self->{TransactionRequest} = $self->{TransactionReply}; |
$self->{TransactionRequest} = $self->{TransactionReply}; |
![[BACK]](/icons/back.gif){kind=icon}
Return to LondConnection.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom