Diff for /loncom/lonssl.pm between versions 1.13 and 1.14

version 1.13, 2015/11/07 18:41:11 version 1.14, 2015/11/08 03:15:13
Line 37  use strict; Line 37  use strict;
   
 use IO::Socket::INET;  use IO::Socket::INET;
 use IO::Socket::SSL;  use IO::Socket::SSL;
   use Net::SSLeay;
   
 use Fcntl;  use Fcntl;
 use POSIX;  use POSIX;
Line 141  sub PromoteClientSocket { Line 142  sub PromoteClientSocket {
     my $dupfno   = fcntl($PlaintextSocket, F_DUPFD, 0);      my $dupfno   = fcntl($PlaintextSocket, F_DUPFD, 0);
     Debug("Client promotion got dup = $dupfno\n");      Debug("Client promotion got dup = $dupfno\n");
   
       # Starting with IO::Socket::SSL rev. 1.79, carp warns that a verify 
       # mode of SSL_VERIFY_NONE should be explicitly set for client, if 
       # verification is not to be used, and SSL_verify_mode is not set.
       # Starting with rev. 1.95, the default became SSL_VERIFY_PEER which
       # prevents connections to lond.
       # Set SSL_verify_mode to Net::SSLeay::VERIFY_NONE() instead of to
       # SSL_VERIFY_NONE for compatibility with IO::Socket::SSL rev. 1.01
       # used by CentOS/RHEL/Scientific Linux 5).
           
     my $client = IO::Socket::SSL->new_from_fd($dupfno,      my $client = IO::Socket::SSL->new_from_fd($dupfno,
       SSL_use_cert => 1,        SSL_use_cert => 1,
       SSL_key_file  => $KeyFile,        SSL_key_file  => $KeyFile,
       SSL_cert_file => $MyCert,        SSL_cert_file => $MyCert,
       SSL_ca_file   => $CACert);        SSL_ca_file   => $CACert,
         SSL_verify_mode => Net::SSLeay::VERIFY_NONE());
           
     if(!$client) {      if(!$client) {
  $lasterror = IO::Socket::SSL::errstr();   $lasterror = IO::Socket::SSL::errstr();

Removed from v.1.13  
changed lines
  Added in v.1.14


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>