version 1.56, 2018/07/29 03:03:36
|
version 1.58, 2018/12/03 13:48:13
|
Line 44 my $DebugLevel=0;
|
Line 44 my $DebugLevel=0;
|
my %perlvar; |
my %perlvar; |
my %secureconf; |
my %secureconf; |
my %badcerts; |
my %badcerts; |
my %hosttypes; |
my %hosttypes; |
|
my %crlchecked; |
my $InsecureOk; |
my $InsecureOk; |
|
|
# |
# |
Line 80 sub ReadConfig {
|
Line 81 sub ReadConfig {
|
unless (lonssl::Read_Host_Types(\%hosttypes,\%perlvar) eq 'ok') { |
unless (lonssl::Read_Host_Types(\%hosttypes,\%perlvar) eq 'ok') { |
Debug(1,"Failed to retrieve hosttypes hash.\n"); |
Debug(1,"Failed to retrieve hosttypes hash.\n"); |
} |
} |
undef(%badcerts); |
%badcerts = (); |
|
%crlchecked = (); |
} |
} |
|
|
sub ResetReadConfig { |
sub ResetReadConfig { |
Line 204 sub new {
|
Line 206 sub new {
|
Port => $Port, |
Port => $Port, |
State => "Initialized", |
State => "Initialized", |
AuthenticationMode => "", |
AuthenticationMode => "", |
InsecureOK => $allowinsecure, |
InsecureOK => $allowinsecure, |
TransactionRequest => "", |
TransactionRequest => "", |
TransactionReply => "", |
TransactionReply => "", |
NextRequest => "", |
NextRequest => "", |
Line 276 sub new {
|
Line 278 sub new {
|
|
|
my ($ca, $cert) = lonssl::CertificateFile; |
my ($ca, $cert) = lonssl::CertificateFile; |
my $sslkeyfile = lonssl::KeyFile; |
my $sslkeyfile = lonssl::KeyFile; |
|
my $badcertfile = lonssl::has_badcert_file($self->{LoncapaHim}); |
|
|
if (($conntype ne 'no') && (defined($ca)) && (defined($cert)) && (defined($sslkeyfile)) && |
if (($conntype ne 'no') && (defined($ca)) && (defined($cert)) && (defined($sslkeyfile)) && |
(!exists($badcerts{$self->{LoncapaHim}}))) { |
(!exists($badcerts{$self->{LoncapaHim}})) && !$badcertfile) { |
$self->{AuthenticationMode} = "ssl"; |
$self->{AuthenticationMode} = "ssl"; |
$self->{TransactionRequest} = "init:ssl:$perlvar{'lonVersion'}\n"; |
$self->{TransactionRequest} = "init:ssl:$perlvar{'lonVersion'}\n"; |
} elsif ($self->{InsecureOK}) { |
} elsif ($self->{InsecureOK}) { |
Line 443 sub Readable {
|
Line 446 sub Readable {
|
fcntl($socket, F_SETFL, $flags | O_NONBLOCK); |
fcntl($socket, F_SETFL, $flags | O_NONBLOCK); |
$self->ToVersionRequest(); |
$self->ToVersionRequest(); |
return 0; |
return 0; |
} |
} |
else { # Failed in ssl exchange. |
else { # Failed in ssl exchange. |
if (($sslresult == -1) && ($self->{InsecureOK})) { |
if (($sslresult == -1) && (lonssl::LastError == -1) && ($self->{InsecureOK})) { |
|
my $badcertdir = &lonssl::BadCertDir(); |
|
if (($badcertdir) && $self->{LoncapaHim}) { |
|
if (open(my $fh,'>',"$badcertdir/".$self->{LoncapaHim})) { |
|
close($fh); |
|
} |
|
} |
$badcerts{$self->{LoncapaHim}} = 1; |
$badcerts{$self->{LoncapaHim}} = 1; |
|
&Debug(3,"SSL verification failed: close socket and initiate insecure connection"); |
|
$self->Transition("ReInitNoSSL"); |
|
$socket->close; |
|
return -1; |
} |
} |
&Debug(3,"init:ssl failed key negotiation!"); |
&Debug(3,"init:ssl failed key negotiation!"); |
$self->Transition("Disconnected"); |
$self->Transition("Disconnected"); |
$socket->close; |
$socket->close; |
return -1; |
return -1; |
} |
} |
} |
} |
elsif ($Response =~ /^[0-9]+/) { # Old style lond. |
elsif ($Response =~ /^[0-9]+/) { # Old style lond. |
return $self->CompleteInsecure(); |
return $self->CompleteInsecure(); |
Line 517 sub Readable {
|
Line 530 sub Readable {
|
} |
} |
} elsif ($self->{State} eq "ReceivingKey") { |
} elsif ($self->{State} eq "ReceivingKey") { |
my $buildkey = $self->{TransactionReply}; |
my $buildkey = $self->{TransactionReply}; |
|
chomp($buildkey); |
my $key = $self->{LoncapaHim}.$perlvar{'lonHostID'}; |
my $key = $self->{LoncapaHim}.$perlvar{'lonHostID'}; |
$key=~tr/a-z/A-Z/; |
$key=~tr/a-z/A-Z/; |
$key=~tr/G-P/0-9/; |
$key=~tr/G-P/0-9/; |
Line 1051 sub ExchangeKeysViaSSL {
|
Line 1065 sub ExchangeKeysViaSSL {
|
my ($SSLCACertificate, |
my ($SSLCACertificate, |
$SSLCertificate) = lonssl::CertificateFile(); |
$SSLCertificate) = lonssl::CertificateFile(); |
my $SSLKey = lonssl::KeyFile(); |
my $SSLKey = lonssl::KeyFile(); |
|
my $CRLFile; |
|
unless ($crlchecked{$peer}) { |
|
$CRLFile = lonssl::CRLFile(); |
|
$crlchecked{$peer} = 1; |
|
} |
# Promote our connection to ssl and read the key from lond. |
# Promote our connection to ssl and read the key from lond. |
|
|
my $SSLSocket = lonssl::PromoteClientSocket($socket, |
my $SSLSocket = lonssl::PromoteClientSocket($socket, |
$SSLCACertificate, |
$SSLCACertificate, |
$SSLCertificate, |
$SSLCertificate, |
$SSLKey, |
$SSLKey, |
$peer); |
$peer, |
|
$CRLFile); |
if(defined $SSLSocket) { |
if(defined $SSLSocket) { |
my $key = <$SSLSocket>; |
my $key = <$SSLSocket>; |
lonssl::Close($SSLSocket); |
lonssl::Close($SSLSocket); |
Line 1211 sub PeerLoncapaHim {
|
Line 1230 sub PeerLoncapaHim {
|
return $self->{LoncapaHim}; |
return $self->{LoncapaHim}; |
} |
} |
|
|
|
# |
|
# Get the Authentication mode |
|
# |
|
|
|
sub GetKeyMode { |
|
my $self = shift; |
|
return $self->{AuthenticationMode}; |
|
} |
|
|
1; |
1; |
|
|
=pod |
=pod |