loncom/lonssl.pm - diff

Return to lonssl.pm CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/lonssl.pm between versions 1.18 and 1.23

version 1.18, 2018/08/09 13:27:55	version 1.23, 2018/12/11 15:15:26
Line 112 sub SetFdBlocking {	Line 112 sub SetFdBlocking {
# Socket IO::Socket::INET Original ordinary socket.	# Socket IO::Socket::INET Original ordinary socket.
# CACert string Full path name to the certificate	# CACert string Full path name to the certificate
# authority certificate file.	# authority certificate file.
# MyCert string Full path name to the certificate	# MyCert string Full path name to the certificate
# issued to this host.	# issued to this host.
# KeyFile string Full pathname to the host's private	# KeyFile string Full pathname to the host's private
# key file for the certificate.	# key file for the certificate.
# peer string lonHostID of remote LON-CAPA server	# peer string lonid of remote LON-CAPA server
	# peerdef string default lonHostID of remote server
# CRLFile Full path name to the certificate	# CRLFile Full path name to the certificate
# revocation list file for the cluster	# revocation list file for the cluster
# to which server belongs (optional)	# to which server belongs (optional)
Line 134 sub PromoteClientSocket {	Line 135 sub PromoteClientSocket {
$MyCert,	$MyCert,
$KeyFile,	$KeyFile,
$peer,	$peer,
	$peerdef,
$CRLFile) = @_;	$CRLFile) = @_;

Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert, CRL: $CRLFile, Remote Host: $peer\n");	Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert, CRL: $CRLFile, Remote Host: $peer, RemoteDefHost: $peerdef\n");

# To create the ssl socket we need to duplicate the existing	# To create the ssl socket we need to duplicate the existing
# socket. Otherwise closing the ssl socket will close the plaintext socket	# socket. Otherwise closing the ssl socket will close the plaintext socket
Line 158 sub PromoteClientSocket {	Line 160 sub PromoteClientSocket {
# Set SSL_verify_mode to Net::SSLeay::VERIFY_PEER() instead of to	# Set SSL_verify_mode to Net::SSLeay::VERIFY_PEER() instead of to
# SSL_VERIFY_PEER for compatibility with IO::Socket::SSL rev. 1.01	# SSL_VERIFY_PEER for compatibility with IO::Socket::SSL rev. 1.01
# used by CentOS/RHEL/Scientific Linux 5).	# used by CentOS/RHEL/Scientific Linux 5).

	my $verify_cn = $peerdef;
	if ($verify_cn eq '') {
	$verify_cn = $peer;
	}

my %sslargs = (SSL_use_cert => 1,	my %sslargs = (SSL_use_cert => 1,
SSL_key_file => $KeyFile,	SSL_key_file => $KeyFile,
SSL_cert_file => $MyCert,	SSL_cert_file => $MyCert,
SSL_ca_file => $CACert,	SSL_ca_file => $CACert,
SSL_verifycn_name => $peer,	SSL_verifycn_name => $verify_cn,
SSL_verify_mode => Net::SSLeay::VERIFY_PEER());	SSL_verify_mode => Net::SSLeay::VERIFY_PEER());
if (($CRLFile ne '') && (-e $CRLFile)) {	if (($CRLFile ne '') && (-e $CRLFile)) {
$sslargs{SSL_check_crl} = 1;	$sslargs{SSL_check_crl} = 1;
Line 238 sub PromoteServerSocket {	Line 245 sub PromoteServerSocket {
$sslargs{SSL_verify_mode} = Net::SSLeay::VERIFY_PEER();	$sslargs{SSL_verify_mode} = Net::SSLeay::VERIFY_PEER();
if (($CRLFile ne '') && (-e $CRLFile)) {	if (($CRLFile ne '') && (-e $CRLFile)) {
$sslargs{SSL_check_crl} = 1;	$sslargs{SSL_check_crl} = 1;
$sslargs{SSL_crl_file} = $CRLFile;	$sslargs{SSL_crl_file} = $CRLFile;
}	}
}	}
my $client = IO::Socket::SSL->new_from_fd($dupfno,%sslargs);	my $client = IO::Socket::SSL->new_from_fd($dupfno,%sslargs);
Line 411 sub has_badcert_file {	Line 418 sub has_badcert_file {
}	}

sub Read_Connect_Config {	sub Read_Connect_Config {
my ($secureconf,$checkedcrl,$perlvarref) = @_;	my ($secureconf,$perlvarref,$crlcheckedref) = @_;
return unless ((ref($secureconf) eq 'HASH') && (ref($checkedcrl) eq 'HASH'));	return unless (ref($secureconf) eq 'HASH');

unless (ref($perlvarref) eq 'HASH') {	unless (ref($perlvarref) eq 'HASH') {
$perlvarref = $perlvar;	$perlvarref = $perlvar;
}	}

# Clear hash of clients for which Certificate Revocation List checked	# Clear hash of clients in lond for which Certificate Revocation List checked
foreach my $key (keys(%{$checkedcrl})) {	if (ref($crlcheckedref) eq 'HASH') {
delete($checkedcrl->{$key});	foreach my $key (keys(%{$crlcheckedref})) {
	delete($crlcheckedref->{$key});
	}
}	}
# Clean out the old table first.	# Clean out the old table first.
foreach my $key (keys(%{$secureconf})) {	foreach my $key (keys(%{$secureconf})) {
Line 429 sub Read_Connect_Config {	Line 438 sub Read_Connect_Config {

my $result;	my $result;
my $tablename = $perlvarref->{'lonTabDir'}."/connectionrules.tab";	my $tablename = $perlvarref->{'lonTabDir'}."/connectionrules.tab";
if (open(my $fh,"<$tablename")) {	if (open(my $fh,'<',$tablename)) {
while (my $line = <$fh>) {	while (my $line = <$fh>) {
chomp($line);	chomp($line);
my ($name,$value) = split(/=/,$line);	my ($name,$value) = split(/=/,$line);
Line 452 sub Read_Host_Types {	Line 461 sub Read_Host_Types {
unless (ref($perlvarref) eq 'HASH') {	unless (ref($perlvarref) eq 'HASH') {
$perlvarref = $perlvar;	$perlvarref = $perlvar;
}	}

# Clean out the old table first.	# Clean out the old table first.
foreach my $key (keys(%{$hosttypes})) {	foreach my $key (keys(%{$hosttypes})) {
delete($hosttypes->{$key});	delete($hosttypes->{$key});
Line 460 sub Read_Host_Types {	Line 469 sub Read_Host_Types {

my $result;	my $result;
my $tablename = $perlvarref->{'lonTabDir'}."/hosttypes.tab";	my $tablename = $perlvarref->{'lonTabDir'}."/hosttypes.tab";
if (open(my $fh,"<$tablename")) {	if (open(my $fh,'<',$tablename)) {
while (my $line = <$fh>) {	while (my $line = <$fh>) {
chomp($line);	chomp($line);
my ($name,$value) = split(/:/,$line);	my ($name,$value) = split(/:/,$line);

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.18
changed lines
	Added in v.1.23