version 1.13, 2015/11/07 18:41:11
|
version 1.15, 2017/02/28 05:42:06
|
Line 37 use strict;
|
Line 37 use strict;
|
|
|
use IO::Socket::INET; |
use IO::Socket::INET; |
use IO::Socket::SSL; |
use IO::Socket::SSL; |
|
use Net::SSLeay; |
|
|
use Fcntl; |
use Fcntl; |
use POSIX; |
use POSIX; |
Line 141 sub PromoteClientSocket {
|
Line 142 sub PromoteClientSocket {
|
my $dupfno = fcntl($PlaintextSocket, F_DUPFD, 0); |
my $dupfno = fcntl($PlaintextSocket, F_DUPFD, 0); |
Debug("Client promotion got dup = $dupfno\n"); |
Debug("Client promotion got dup = $dupfno\n"); |
|
|
|
# Starting with IO::Socket::SSL rev. 1.79, carp warns that a verify |
|
# mode of SSL_VERIFY_NONE should be explicitly set for client, if |
|
# verification is not to be used, and SSL_verify_mode is not set. |
|
# Starting with rev. 1.95, the default became SSL_VERIFY_PEER which |
|
# prevents connections to lond. |
|
# Set SSL_verify_mode to Net::SSLeay::VERIFY_NONE() instead of to |
|
# SSL_VERIFY_NONE for compatibility with IO::Socket::SSL rev. 1.01 |
|
# used by CentOS/RHEL/Scientific Linux 5). |
|
|
my $client = IO::Socket::SSL->new_from_fd($dupfno, |
my $client = IO::Socket::SSL->new_from_fd($dupfno, |
SSL_use_cert => 1, |
SSL_use_cert => 1, |
SSL_key_file => $KeyFile, |
SSL_key_file => $KeyFile, |
SSL_cert_file => $MyCert, |
SSL_cert_file => $MyCert, |
SSL_ca_file => $CACert); |
SSL_ca_file => $CACert, |
|
SSL_verify_mode => Net::SSLeay::VERIFY_NONE()); |
|
|
if(!$client) { |
if(!$client) { |
$lasterror = IO::Socket::SSL::errstr(); |
$lasterror = IO::Socket::SSL::errstr(); |
Line 323 sub KeyFile {
|
Line 333 sub KeyFile {
|
return $KeyFilename; |
return $KeyFilename; |
} |
} |
|
|
|
sub Read_Connect_Config { |
|
my ($secureconf,$perlvarref) = @_; |
|
return unless (ref($secureconf) eq 'HASH'); |
|
|
|
unless (ref($perlvarref) eq 'HASH') { |
|
$perlvarref = $perlvar; |
|
} |
|
|
|
# Clean out the old table first. |
|
foreach my $key (keys(%{$secureconf})) { |
|
delete($secureconf->{$key}); |
|
} |
|
|
|
my $result; |
|
my $tablename = $perlvarref->{'lonTabDir'}."/connectionrules.tab"; |
|
if (open(my $fh,"<$tablename")) { |
|
while (my $line = <$fh>) { |
|
chomp($line); |
|
my ($name,$value) = split(/=/,$line); |
|
if ($value =~ /^(?:no|yes|req)$/) { |
|
if ($name =~ /^conn(to|from)_(dom|intdom|other)$/) { |
|
$secureconf->{'conn'.$1}{$2} = $value; |
|
} |
|
} |
|
} |
|
close($fh); |
|
return 'ok'; |
|
} |
|
return; |
|
} |
|
|
|
sub Read_Host_Types { |
|
my ($hosttypes,$perlvarref) = @_; |
|
return unless (ref($hosttypes) eq 'HASH'); |
|
|
|
unless (ref($perlvarref) eq 'HASH') { |
|
$perlvarref = $perlvar; |
|
} |
|
|
|
# Clean out the old table first. |
|
foreach my $key (keys(%{$hosttypes})) { |
|
delete($hosttypes->{$key}); |
|
} |
|
|
|
my $result; |
|
my $tablename = $perlvarref->{'lonTabDir'}."/hosttypes.tab"; |
|
if (open(my $fh,"<$tablename")) { |
|
while (my $line = <$fh>) { |
|
chomp($line); |
|
my ($name,$value) = split(/:/,$line); |
|
if (($name ne '') && ($value =~ /^(dom|intdom|other)$/)) { |
|
$hosttypes->{$name} = $value; |
|
} |
|
} |
|
close($fh); |
|
return 'ok'; |
|
} |
|
return; |
|
} |
|
|
1; |
1; |