Diff for /loncom/lonssl.pm between versions 1.18 and 1.23

version 1.18, 2018/08/09 13:27:55 version 1.23, 2018/12/11 15:15:26
Line 112  sub SetFdBlocking { Line 112  sub SetFdBlocking {
 #               Socket IO::Socket::INET   Original ordinary socket.  #               Socket IO::Socket::INET   Original ordinary socket.
 #               CACert string           Full path name to the certificate   #               CACert string           Full path name to the certificate 
 #                                          authority certificate file.  #                                          authority certificate file.
 #                MyCert string           Full path name to the certificate   #               MyCert string           Full path name to the certificate 
 #                                          issued to this host.  #                                          issued to this host.
 #                KeyFile string       Full pathname to the host's private   #               KeyFile string       Full pathname to the host's private 
 #                                          key file for the certificate.  #                                          key file for the certificate.
 #               peer    string             lonHostID of remote LON-CAPA server  #               peer    string             lonid of remote LON-CAPA server
   #               peerdef string             default lonHostID of remote server
 #               CRLFile                    Full path name to the certificate  #               CRLFile                    Full path name to the certificate
 #                                          revocation list file for the cluster  #                                          revocation list file for the cluster
 #                                          to which server belongs (optional)  #                                          to which server belongs (optional)
Line 134  sub PromoteClientSocket { Line 135  sub PromoteClientSocket {
  $MyCert,   $MyCert,
  $KeyFile,   $KeyFile,
         $peer,          $peer,
           $peerdef,
         $CRLFile) = @_;          $CRLFile) = @_;
   
     Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert, CRL: $CRLFile, Remote Host: $peer\n");      Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert, CRL: $CRLFile, Remote Host: $peer, RemoteDefHost: $peerdef\n");
   
     # To create the ssl socket we need to duplicate the existing      # To create the ssl socket we need to duplicate the existing
     # socket.  Otherwise closing the ssl socket will close the plaintext socket      # socket.  Otherwise closing the ssl socket will close the plaintext socket
Line 158  sub PromoteClientSocket { Line 160  sub PromoteClientSocket {
     # Set SSL_verify_mode to Net::SSLeay::VERIFY_PEER() instead of to      # Set SSL_verify_mode to Net::SSLeay::VERIFY_PEER() instead of to
     # SSL_VERIFY_PEER for compatibility with IO::Socket::SSL rev. 1.01      # SSL_VERIFY_PEER for compatibility with IO::Socket::SSL rev. 1.01
     # used by CentOS/RHEL/Scientific Linux 5).      # used by CentOS/RHEL/Scientific Linux 5).
       
       my $verify_cn = $peerdef;
       if ($verify_cn eq '') {
           $verify_cn = $peer;
       }
   
     my %sslargs = (SSL_use_cert      => 1,      my %sslargs = (SSL_use_cert      => 1,
                    SSL_key_file      => $KeyFile,                     SSL_key_file      => $KeyFile,
                    SSL_cert_file     => $MyCert,                     SSL_cert_file     => $MyCert,
                    SSL_ca_file       => $CACert,                     SSL_ca_file       => $CACert,
                    SSL_verifycn_name => $peer,                     SSL_verifycn_name => $verify_cn,
                    SSL_verify_mode   => Net::SSLeay::VERIFY_PEER());                     SSL_verify_mode   => Net::SSLeay::VERIFY_PEER());
     if (($CRLFile ne '') && (-e $CRLFile)) {      if (($CRLFile ne '') && (-e $CRLFile)) {
         $sslargs{SSL_check_crl} = 1;          $sslargs{SSL_check_crl} = 1;
Line 238  sub PromoteServerSocket { Line 245  sub PromoteServerSocket {
         $sslargs{SSL_verify_mode} = Net::SSLeay::VERIFY_PEER();          $sslargs{SSL_verify_mode} = Net::SSLeay::VERIFY_PEER();
         if (($CRLFile ne '') && (-e $CRLFile)) {          if (($CRLFile ne '') && (-e $CRLFile)) {
             $sslargs{SSL_check_crl} = 1;              $sslargs{SSL_check_crl} = 1;
             $sslargs{SSL_crl_file} = $CRLFile;               $sslargs{SSL_crl_file} = $CRLFile;
         }          }
     }      }
     my $client = IO::Socket::SSL->new_from_fd($dupfno,%sslargs);      my $client = IO::Socket::SSL->new_from_fd($dupfno,%sslargs);
Line 411  sub has_badcert_file { Line 418  sub has_badcert_file {
 }  }
   
 sub Read_Connect_Config {  sub Read_Connect_Config {
     my ($secureconf,$checkedcrl,$perlvarref) = @_;      my ($secureconf,$perlvarref,$crlcheckedref) = @_;
     return unless ((ref($secureconf) eq 'HASH') && (ref($checkedcrl) eq 'HASH'));      return unless (ref($secureconf) eq 'HASH');
   
     unless (ref($perlvarref) eq 'HASH') {      unless (ref($perlvarref) eq 'HASH') {
         $perlvarref = $perlvar;          $perlvarref = $perlvar;
     }      }
   
     # Clear hash of clients for which Certificate Revocation List checked       # Clear hash of clients in lond for which Certificate Revocation List checked
     foreach my $key (keys(%{$checkedcrl})) {      if (ref($crlcheckedref) eq 'HASH') {
         delete($checkedcrl->{$key});          foreach my $key (keys(%{$crlcheckedref})) {
               delete($crlcheckedref->{$key});
           }
     }      }
     # Clean out the old table first.      # Clean out the old table first.
     foreach my $key (keys(%{$secureconf})) {      foreach my $key (keys(%{$secureconf})) {
Line 429  sub Read_Connect_Config { Line 438  sub Read_Connect_Config {
   
     my $result;      my $result;
     my $tablename = $perlvarref->{'lonTabDir'}."/connectionrules.tab";      my $tablename = $perlvarref->{'lonTabDir'}."/connectionrules.tab";
     if (open(my $fh,"<$tablename")) {      if (open(my $fh,'<',$tablename)) {
         while (my $line = <$fh>) {          while (my $line = <$fh>) {
             chomp($line);              chomp($line);
             my ($name,$value) = split(/=/,$line);              my ($name,$value) = split(/=/,$line);
Line 452  sub Read_Host_Types { Line 461  sub Read_Host_Types {
     unless (ref($perlvarref) eq 'HASH') {      unless (ref($perlvarref) eq 'HASH') {
         $perlvarref = $perlvar;          $perlvarref = $perlvar;
     }      }
      
     # Clean out the old table first.      # Clean out the old table first.
     foreach my $key (keys(%{$hosttypes})) {      foreach my $key (keys(%{$hosttypes})) {
         delete($hosttypes->{$key});          delete($hosttypes->{$key});
Line 460  sub Read_Host_Types { Line 469  sub Read_Host_Types {
   
     my $result;      my $result;
     my $tablename = $perlvarref->{'lonTabDir'}."/hosttypes.tab";      my $tablename = $perlvarref->{'lonTabDir'}."/hosttypes.tab";
     if (open(my $fh,"<$tablename")) {      if (open(my $fh,'<',$tablename)) {
         while (my $line = <$fh>) {          while (my $line = <$fh>) {
             chomp($line);              chomp($line);
             my ($name,$value) = split(/:/,$line);              my ($name,$value) = split(/:/,$line);

Removed from v.1.18  
changed lines
  Added in v.1.23


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>