Diff for /loncom/lonssl.pm between versions 1.18 and 1.22

version 1.18, 2018/08/09 13:27:55 version 1.22, 2018/12/11 13:05:40
Line 112  sub SetFdBlocking { Line 112  sub SetFdBlocking {
 #               Socket IO::Socket::INET   Original ordinary socket.  #               Socket IO::Socket::INET   Original ordinary socket.
 #               CACert string           Full path name to the certificate   #               CACert string           Full path name to the certificate 
 #                                          authority certificate file.  #                                          authority certificate file.
 #                MyCert string           Full path name to the certificate   #               MyCert string           Full path name to the certificate 
 #                                          issued to this host.  #                                          issued to this host.
 #                KeyFile string       Full pathname to the host's private   #               KeyFile string       Full pathname to the host's private 
 #                                          key file for the certificate.  #                                          key file for the certificate.
 #               peer    string             lonHostID of remote LON-CAPA server  #               peer    string             lonid of remote LON-CAPA server
   #               peerdef string             default lonHostID of remote server
 #               CRLFile                    Full path name to the certificate  #               CRLFile                    Full path name to the certificate
 #                                          revocation list file for the cluster  #                                          revocation list file for the cluster
 #                                          to which server belongs (optional)  #                                          to which server belongs (optional)
Line 134  sub PromoteClientSocket { Line 135  sub PromoteClientSocket {
  $MyCert,   $MyCert,
  $KeyFile,   $KeyFile,
         $peer,          $peer,
           $peerdef,
         $CRLFile) = @_;          $CRLFile) = @_;
   
     Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert, CRL: $CRLFile, Remote Host: $peer\n");      Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert, CRL: $CRLFile, Remote Host: $peer, RemoteDefHost: $peerdef\n");
   
     # To create the ssl socket we need to duplicate the existing      # To create the ssl socket we need to duplicate the existing
     # socket.  Otherwise closing the ssl socket will close the plaintext socket      # socket.  Otherwise closing the ssl socket will close the plaintext socket
Line 158  sub PromoteClientSocket { Line 160  sub PromoteClientSocket {
     # Set SSL_verify_mode to Net::SSLeay::VERIFY_PEER() instead of to      # Set SSL_verify_mode to Net::SSLeay::VERIFY_PEER() instead of to
     # SSL_VERIFY_PEER for compatibility with IO::Socket::SSL rev. 1.01      # SSL_VERIFY_PEER for compatibility with IO::Socket::SSL rev. 1.01
     # used by CentOS/RHEL/Scientific Linux 5).      # used by CentOS/RHEL/Scientific Linux 5).
       
       my $verify_cn = $peerdef;
       if ($verify_cn eq '') {
           $verify_cn = $peer;
       }
   
     my %sslargs = (SSL_use_cert      => 1,      my %sslargs = (SSL_use_cert      => 1,
                    SSL_key_file      => $KeyFile,                     SSL_key_file      => $KeyFile,
                    SSL_cert_file     => $MyCert,                     SSL_cert_file     => $MyCert,
                    SSL_ca_file       => $CACert,                     SSL_ca_file       => $CACert,
                    SSL_verifycn_name => $peer,                     SSL_verifycn_name => $verify_cn,
                    SSL_verify_mode   => Net::SSLeay::VERIFY_PEER());                     SSL_verify_mode   => Net::SSLeay::VERIFY_PEER());
     if (($CRLFile ne '') && (-e $CRLFile)) {      if (($CRLFile ne '') && (-e $CRLFile)) {
         $sslargs{SSL_check_crl} = 1;          $sslargs{SSL_check_crl} = 1;
Line 238  sub PromoteServerSocket { Line 245  sub PromoteServerSocket {
         $sslargs{SSL_verify_mode} = Net::SSLeay::VERIFY_PEER();          $sslargs{SSL_verify_mode} = Net::SSLeay::VERIFY_PEER();
         if (($CRLFile ne '') && (-e $CRLFile)) {          if (($CRLFile ne '') && (-e $CRLFile)) {
             $sslargs{SSL_check_crl} = 1;              $sslargs{SSL_check_crl} = 1;
             $sslargs{SSL_crl_file} = $CRLFile;               $sslargs{SSL_crl_file} = $CRLFile;
         }          }
     }      }
     my $client = IO::Socket::SSL->new_from_fd($dupfno,%sslargs);      my $client = IO::Socket::SSL->new_from_fd($dupfno,%sslargs);
Line 411  sub has_badcert_file { Line 418  sub has_badcert_file {
 }  }
   
 sub Read_Connect_Config {  sub Read_Connect_Config {
     my ($secureconf,$checkedcrl,$perlvarref) = @_;      my ($secureconf,$perlvarref,$crlchecked) = @_;
     return unless ((ref($secureconf) eq 'HASH') && (ref($checkedcrl) eq 'HASH'));      return unless (ref($secureconf) eq 'HASH');
   
     unless (ref($perlvarref) eq 'HASH') {      unless (ref($perlvarref) eq 'HASH') {
         $perlvarref = $perlvar;          $perlvarref = $perlvar;
     }      }
   
     # Clear hash of clients for which Certificate Revocation List checked       # Clear hash of clients in lond for which Certificate Revocation List checked
     foreach my $key (keys(%{$checkedcrl})) {      if (ref($crlcheckedref) eq 'HASH') {
         delete($checkedcrl->{$key});          foreach my $key (keys(%{$crlcheckedref})) {
               delete($crlcheckedref->{$key});
           }
     }      }
     # Clean out the old table first.      # Clean out the old table first.
     foreach my $key (keys(%{$secureconf})) {      foreach my $key (keys(%{$secureconf})) {
Line 429  sub Read_Connect_Config { Line 438  sub Read_Connect_Config {
   
     my $result;      my $result;
     my $tablename = $perlvarref->{'lonTabDir'}."/connectionrules.tab";      my $tablename = $perlvarref->{'lonTabDir'}."/connectionrules.tab";
     if (open(my $fh,"<$tablename")) {      if (open(my $fh,'<',$tablename)) {
         while (my $line = <$fh>) {          while (my $line = <$fh>) {
             chomp($line);              chomp($line);
             my ($name,$value) = split(/=/,$line);              my ($name,$value) = split(/=/,$line);
Line 452  sub Read_Host_Types { Line 461  sub Read_Host_Types {
     unless (ref($perlvarref) eq 'HASH') {      unless (ref($perlvarref) eq 'HASH') {
         $perlvarref = $perlvar;          $perlvarref = $perlvar;
     }      }
      
     # Clean out the old table first.      # Clean out the old table first.
     foreach my $key (keys(%{$hosttypes})) {      foreach my $key (keys(%{$hosttypes})) {
         delete($hosttypes->{$key});          delete($hosttypes->{$key});
Line 460  sub Read_Host_Types { Line 469  sub Read_Host_Types {
   
     my $result;      my $result;
     my $tablename = $perlvarref->{'lonTabDir'}."/hosttypes.tab";      my $tablename = $perlvarref->{'lonTabDir'}."/hosttypes.tab";
     if (open(my $fh,"<$tablename")) {      if (open(my $fh,'<',$tablename)) {
         while (my $line = <$fh>) {          while (my $line = <$fh>) {
             chomp($line);              chomp($line);
             my ($name,$value) = split(/:/,$line);              my ($name,$value) = split(/:/,$line);
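Review bot: In Read_Connect_Config the new third argument is unpacked as `$crlchecked`, but the clearing block tests and iterates `$crlcheckedref`, a name that is not declared anywhere in the visible lines. If the file runs under `use strict` this would fail to compile. Otherwise, unless a package variable of that name exists elsewhere, `ref($crlcheckedref) eq 'HASH'` is always false and the hash of clients whose certificate revocation list was checked is never cleared when the connection rules are re-read, so stale CRL-check state would persist across reloads. The unpacking line should read `my ($secureconf,$perlvarref,$crlcheckedref) = @_;`. The second and third positional arguments are also swapped relative to 1.18, so every caller needs to be checked for the new order; the function body continues outside the visible hunks.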
