[BACK]Return to lonssl.pm CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom

Diff for /loncom/lonssl.pm between versions 1.17 and 1.20

version 1.17, 2018/08/07 17:12:08 version 1.20, 2018/12/03 03:40:39
Line 134  sub PromoteClientSocket { Line 134  sub PromoteClientSocket {
  $MyCert,   $MyCert,
  $KeyFile,   $KeyFile,
         $peer,          $peer,
         $CRLFile)          = @_;          $CRLFile) = @_;
       
       
     Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert, CRL: $CRLFile, Remote Host: $peer\n");      Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert, CRL: $CRLFile, Remote Host: $peer\n");
   
     # To create the ssl socket we need to duplicate the existing      # To create the ssl socket we need to duplicate the existing
Line 196  sub PromoteClientSocket { Line 195  sub PromoteClientSocket {
 #               CRLFile                    Full path name to the certificate  #               CRLFile                    Full path name to the certificate
 #                                          revocation list file for the cluster  #                                          revocation list file for the cluster
 #                                          to which server belongs (optional)  #                                          to which server belongs (optional)
   #               clientversion              LON-CAPA version running on remote
   #                                          client
 # Returns  # Returns
 # - Reference to an SSL socket on success  # - Reference to an SSL socket on success
 #       - undef on failure.  Reason for failure can be interrogated from   #       - undef on failure.  Reason for failure can be interrogated from 
Line 209  sub PromoteServerSocket { Line 210  sub PromoteServerSocket {
  $MyCert,   $MyCert,
  $KeyFile,   $KeyFile,
         $peer,          $peer,
         $CRLFile)          = @_;          $CRLFile,
           $clientversion) = @_;
   
   
     # To create the ssl socket we need to duplicate the existing      # To create the ssl socket we need to duplicate the existing
     # socket.  Otherwise closing the ssl socket will close the plaintext socket      # socket.  Otherwise closing the ssl socket will close the plaintext socket
Line 229  sub PromoteServerSocket { Line 229  sub PromoteServerSocket {
                    SSL_use_cert      => 1,                     SSL_use_cert      => 1,
                    SSL_key_file      => $KeyFile,                     SSL_key_file      => $KeyFile,
                    SSL_cert_file     => $MyCert,                     SSL_cert_file     => $MyCert,
                    SSL_ca_file       => $CACert,                     SSL_ca_file       => $CACert);
                    SSL_verifycn_name => $peer,      my ($major,$minor) = split(/\./,$clientversion);
                    SSL_verify_mode   => Net::SSLeay::VERIFY_PEER());       if (($major < 2) || ($major == 2 && $minor < 12)) {
     if (($CRLFile ne '') && (-e $CRLFile)) {          $sslargs{SSL_verify_mode} = Net::SSLeay::VERIFY_NONE();
         $sslargs{SSL_check_crl} = 1;      } else {
         $sslargs{SSL_crl_file} = $CRLFile;           $sslargs{SSL_verifycn_name} = $peer;
           $sslargs{SSL_verify_mode} = Net::SSLeay::VERIFY_PEER();
           if (($CRLFile ne '') && (-e $CRLFile)) {
               $sslargs{SSL_check_crl} = 1;
               $sslargs{SSL_crl_file} = $CRLFile;
           }
     }      }
     my $client = IO::Socket::SSL->new_from_fd($dupfno,%sslargs);      my $client = IO::Socket::SSL->new_from_fd($dupfno,%sslargs);
     if(!$client) {      if(!$client) {
Line 406  sub has_badcert_file { Line 411  sub has_badcert_file {
 }  }
   
 sub Read_Connect_Config {  sub Read_Connect_Config {
     my ($secureconf,$checkedcrl,$perlvarref) = @_;      my ($secureconf,$perlvarref) = @_;
     return unless ((ref($secureconf) eq 'HASH') && (ref($checkedcrl) eq 'HASH'));      return unless (ref($secureconf) eq 'HASH');
   
     unless (ref($perlvarref) eq 'HASH') {      unless (ref($perlvarref) eq 'HASH') {
         $perlvarref = $perlvar;          $perlvarref = $perlvar;
     }      }
   
     # Clear hash of clients for which Certificate Revocation List checked   
     foreach my $key (keys(%{$checkedcrl})) {  
         delete($checkedcrl->{$key});  
     }  
     # Clean out the old table first.      # Clean out the old table first.
     foreach my $key (keys(%{$secureconf})) {      foreach my $key (keys(%{$secureconf})) {
         delete($secureconf->{$key});          delete($secureconf->{$key});
Line 424  sub Read_Connect_Config { Line 425  sub Read_Connect_Config {
   
     my $result;      my $result;
     my $tablename = $perlvarref->{'lonTabDir'}."/connectionrules.tab";      my $tablename = $perlvarref->{'lonTabDir'}."/connectionrules.tab";
     if (open(my $fh,"<$tablename")) {      if (open(my $fh,'<',$tablename)) {
         while (my $line = <$fh>) {          while (my $line = <$fh>) {
             chomp($line);              chomp($line);
             my ($name,$value) = split(/=/,$line);              my ($name,$value) = split(/=/,$line);
Line 447  sub Read_Host_Types { Line 448  sub Read_Host_Types {
     unless (ref($perlvarref) eq 'HASH') {      unless (ref($perlvarref) eq 'HASH') {
         $perlvarref = $perlvar;          $perlvarref = $perlvar;
     }      }
      
     # Clean out the old table first.      # Clean out the old table first.
     foreach my $key (keys(%{$hosttypes})) {      foreach my $key (keys(%{$hosttypes})) {
         delete($hosttypes->{$key});          delete($hosttypes->{$key});
Line 455  sub Read_Host_Types { Line 456  sub Read_Host_Types {
   
     my $result;      my $result;
     my $tablename = $perlvarref->{'lonTabDir'}."/hosttypes.tab";      my $tablename = $perlvarref->{'lonTabDir'}."/hosttypes.tab";
     if (open(my $fh,"<$tablename")) {      if (open(my $fh,'<',$tablename)) {
         while (my $line = <$fh>) {          while (my $line = <$fh>) {
             chomp($line);              chomp($line);
             my ($name,$value) = split(/:/,$line);              my ($name,$value) = split(/:/,$line);
Removed from v.1.17  
changed lines
  Added in v.1.20

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>