version 1.58, 2018/12/03 13:48:13
|
version 1.61, 2018/12/11 20:51:08
|
Line 165 host the remote lond is on. This host is
|
Line 165 host the remote lond is on. This host is
|
|
|
port number the remote lond is listening on. |
port number the remote lond is listening on. |
|
|
|
=item lonid |
|
|
|
lonid of the remote lond is listening on. |
|
|
|
=item deflonid |
|
|
|
default lonhostID of the remote lond is listening on. |
|
|
=cut |
=cut |
|
|
sub new { |
sub new { |
my ($class, $DnsName, $Port, $lonid) = @_; |
my ($class, $DnsName, $Port, $lonid, $deflonid) = @_; |
|
|
if (!$ConfigRead) { |
if (!$ConfigRead) { |
ReadConfig(); |
ReadConfig(); |
$ConfigRead = 1; |
$ConfigRead = 1; |
} |
} |
&Debug(4,$class."::new( ".$DnsName.",".$Port.",".$lonid.")\n"); |
&Debug(4,$class."::new( ".$DnsName.",".$Port.",".$lonid.",".$deflonid.")\n"); |
|
|
my ($conntype,$gotconninfo,$allowinsecure); |
my ($conntype,$gotconninfo,$allowinsecure); |
if ((ref($secureconf{'connto'}) eq 'HASH') && |
if ((ref($secureconf{'connto'}) eq 'HASH') && |
Line 203 sub new {
|
Line 211 sub new {
|
# Now create the object... |
# Now create the object... |
my $self = { Host => $DnsName, |
my $self = { Host => $DnsName, |
LoncapaHim => $lonid, |
LoncapaHim => $lonid, |
|
LoncapaDefid => $deflonid, |
Port => $Port, |
Port => $Port, |
State => "Initialized", |
State => "Initialized", |
AuthenticationMode => "", |
AuthenticationMode => "", |
Line 279 sub new {
|
Line 288 sub new {
|
my ($ca, $cert) = lonssl::CertificateFile; |
my ($ca, $cert) = lonssl::CertificateFile; |
my $sslkeyfile = lonssl::KeyFile; |
my $sslkeyfile = lonssl::KeyFile; |
my $badcertfile = lonssl::has_badcert_file($self->{LoncapaHim}); |
my $badcertfile = lonssl::has_badcert_file($self->{LoncapaHim}); |
|
my ($loncaparev) = ($perlvar{'lonVersion'} =~ /^[\'\"]?([\w.\-]+)[\'\"]?$/); |
|
|
if (($conntype ne 'no') && (defined($ca)) && (defined($cert)) && (defined($sslkeyfile)) && |
if (($conntype ne 'no') && (defined($ca)) && (defined($cert)) && (defined($sslkeyfile)) && |
(!exists($badcerts{$self->{LoncapaHim}})) && !$badcertfile) { |
(!exists($badcerts{$self->{LoncapaHim}})) && !$badcertfile) { |
$self->{AuthenticationMode} = "ssl"; |
$self->{AuthenticationMode} = "ssl"; |
$self->{TransactionRequest} = "init:ssl:$perlvar{'lonVersion'}\n"; |
$self->{TransactionRequest} = "init:ssl:$loncaparev\n"; |
} elsif ($self->{InsecureOK}) { |
} elsif ($self->{InsecureOK}) { |
# Allowed to do insecure: |
# Allowed to do insecure: |
$self->{AuthenticationMode} = "insecure"; |
$self->{AuthenticationMode} = "insecure"; |
$self->{TransactionRequest} = "init::$perlvar{'lonVersion'}\n"; |
$self->{TransactionRequest} = "init::$loncaparev\n"; |
} else { |
} else { |
# Not allowed to do insecure... |
# Not allowed to do insecure... |
$socket->close; |
$socket->close; |
Line 1057 sub ExchangeKeysViaSSL {
|
Line 1067 sub ExchangeKeysViaSSL {
|
my $self = shift; |
my $self = shift; |
my $socket = $self->{Socket}; |
my $socket = $self->{Socket}; |
my $peer = $self->{LoncapaHim}; |
my $peer = $self->{LoncapaHim}; |
|
my $peerdef = $self->{LoncapaDefid}; |
|
|
# Get our signed certificate, the certificate authority's |
# Get our signed certificate, the certificate authority's |
# certificate and our private key file. All of these |
# certificate and our private key file. All of these |
Line 1066 sub ExchangeKeysViaSSL {
|
Line 1077 sub ExchangeKeysViaSSL {
|
$SSLCertificate) = lonssl::CertificateFile(); |
$SSLCertificate) = lonssl::CertificateFile(); |
my $SSLKey = lonssl::KeyFile(); |
my $SSLKey = lonssl::KeyFile(); |
my $CRLFile; |
my $CRLFile; |
unless ($crlchecked{$peer}) { |
unless ($crlchecked{$peerdef}) { |
$CRLFile = lonssl::CRLFile(); |
$CRLFile = lonssl::CRLFile(); |
$crlchecked{$peer} = 1; |
$crlchecked{$peerdef} = 1; |
} |
} |
# Promote our connection to ssl and read the key from lond. |
# Promote our connection to ssl and read the key from lond. |
|
|
Line 1077 sub ExchangeKeysViaSSL {
|
Line 1088 sub ExchangeKeysViaSSL {
|
$SSLCertificate, |
$SSLCertificate, |
$SSLKey, |
$SSLKey, |
$peer, |
$peer, |
|
$peerdef, |
$CRLFile); |
$CRLFile); |
if(defined $SSLSocket) { |
if(defined $SSLSocket) { |
my $key = <$SSLSocket>; |
my $key = <$SSLSocket>; |
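Review bot: In ExchangeKeysViaSSL the CRL bookkeeping is now keyed on `$peerdef` (`$self->{LoncapaDefid}`), but new() stores `$deflonid` without checking that the caller supplied it. If any caller still uses the four-argument form, `$peerdef` is undef and every such connection shares the hash key `''`. After the first of them `$CRLFile` stays undefined, so the revocation list is presumably not passed to the SSL promotion call for the remaining peers. Defaulting in new() before the object hash is built would keep the old per-host behaviour, e.g. `$deflonid = $lonid unless defined($deflonid);`. Both sub bodies continue outside the visible hunks, so confirm that no later code already handles this.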