version 1.20, 2018/12/03 03:40:39
|
version 1.21, 2018/12/10 17:34:22
|
Line 112 sub SetFdBlocking {
|
Line 112 sub SetFdBlocking {
|
# Socket IO::Socket::INET Original ordinary socket. |
# Socket IO::Socket::INET Original ordinary socket. |
# CACert string Full path name to the certificate |
# CACert string Full path name to the certificate |
# authority certificate file. |
# authority certificate file. |
# MyCert string Full path name to the certificate |
# MyCert string Full path name to the certificate |
# issued to this host. |
# issued to this host. |
# KeyFile string Full pathname to the host's private |
# KeyFile string Full pathname to the host's private |
# key file for the certificate. |
# key file for the certificate. |
# peer string lonHostID of remote LON-CAPA server |
# peer string lonid of remote LON-CAPA server |
|
# peerdef string default lonHostID of remote server |
# CRLFile Full path name to the certificate |
# CRLFile Full path name to the certificate |
# revocation list file for the cluster |
# revocation list file for the cluster |
# to which server belongs (optional) |
# to which server belongs (optional) |
Line 134 sub PromoteClientSocket {
|
Line 135 sub PromoteClientSocket {
|
$MyCert, |
$MyCert, |
$KeyFile, |
$KeyFile, |
$peer, |
$peer, |
|
$peerdef, |
$CRLFile) = @_; |
$CRLFile) = @_; |
|
|
Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert, CRL: $CRLFile, Remote Host: $peer\n"); |
Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert, CRL: $CRLFile, Remote Host: $peer\n"); |
Line 158 sub PromoteClientSocket {
|
Line 160 sub PromoteClientSocket {
|
# Set SSL_verify_mode to Net::SSLeay::VERIFY_PEER() instead of to |
# Set SSL_verify_mode to Net::SSLeay::VERIFY_PEER() instead of to |
# SSL_VERIFY_PEER for compatibility with IO::Socket::SSL rev. 1.01 |
# SSL_VERIFY_PEER for compatibility with IO::Socket::SSL rev. 1.01 |
# used by CentOS/RHEL/Scientific Linux 5). |
# used by CentOS/RHEL/Scientific Linux 5). |
|
|
|
my $verify_cn = $peerdef; |
|
if ($verify_cn eq '') { |
|
$verify_cn = $peer; |
|
} |
|
|
my %sslargs = (SSL_use_cert => 1, |
my %sslargs = (SSL_use_cert => 1, |
SSL_key_file => $KeyFile, |
SSL_key_file => $KeyFile, |
SSL_cert_file => $MyCert, |
SSL_cert_file => $MyCert, |
SSL_ca_file => $CACert, |
SSL_ca_file => $CACert, |
SSL_verifycn_name => $peer, |
SSL_verifycn_name => $verify_cn, |
SSL_verify_mode => Net::SSLeay::VERIFY_PEER()); |
SSL_verify_mode => Net::SSLeay::VERIFY_PEER()); |
if (($CRLFile ne '') && (-e $CRLFile)) { |
if (($CRLFile ne '') && (-e $CRLFile)) { |
$sslargs{SSL_check_crl} = 1; |
$sslargs{SSL_check_crl} = 1; |