version 1.17, 2018/08/07 17:12:08
|
version 1.19, 2018/08/20 18:53:20
|
Line 134 sub PromoteClientSocket {
|
Line 134 sub PromoteClientSocket {
|
$MyCert, |
$MyCert, |
$KeyFile, |
$KeyFile, |
$peer, |
$peer, |
$CRLFile) = @_; |
$CRLFile) = @_; |
|
|
|
|
Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert, CRL: $CRLFile, Remote Host: $peer\n"); |
Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert, CRL: $CRLFile, Remote Host: $peer\n"); |
|
|
# To create the ssl socket we need to duplicate the existing |
# To create the ssl socket we need to duplicate the existing |
Line 196 sub PromoteClientSocket {
|
Line 195 sub PromoteClientSocket {
|
# CRLFile Full path name to the certificate |
# CRLFile Full path name to the certificate |
# revocation list file for the cluster |
# revocation list file for the cluster |
# to which server belongs (optional) |
# to which server belongs (optional) |
|
# clientversion LON-CAPA version running on remote |
|
# client |
# Returns |
# Returns |
# - Reference to an SSL socket on success |
# - Reference to an SSL socket on success |
# - undef on failure. Reason for failure can be interrogated from |
# - undef on failure. Reason for failure can be interrogated from |
Line 209 sub PromoteServerSocket {
|
Line 210 sub PromoteServerSocket {
|
$MyCert, |
$MyCert, |
$KeyFile, |
$KeyFile, |
$peer, |
$peer, |
$CRLFile) = @_; |
$CRLFile, |
|
$clientversion) = @_; |
|
|
|
|
# To create the ssl socket we need to duplicate the existing |
# To create the ssl socket we need to duplicate the existing |
# socket. Otherwise closing the ssl socket will close the plaintext socket |
# socket. Otherwise closing the ssl socket will close the plaintext socket |
Line 229 sub PromoteServerSocket {
|
Line 229 sub PromoteServerSocket {
|
SSL_use_cert => 1, |
SSL_use_cert => 1, |
SSL_key_file => $KeyFile, |
SSL_key_file => $KeyFile, |
SSL_cert_file => $MyCert, |
SSL_cert_file => $MyCert, |
SSL_ca_file => $CACert, |
SSL_ca_file => $CACert); |
SSL_verifycn_name => $peer, |
my ($major,$minor) = split(/\./,$clientversion); |
SSL_verify_mode => Net::SSLeay::VERIFY_PEER()); |
if (($major < 2) || ($major == 2 && $minor < 12)) { |
if (($CRLFile ne '') && (-e $CRLFile)) { |
$sslargs{SSL_verify_mode} = Net::SSLeay::VERIFY_NONE(); |
$sslargs{SSL_check_crl} = 1; |
} else { |
$sslargs{SSL_crl_file} = $CRLFile; |
$sslargs{SSL_verifycn_name} = $peer; |
|
$sslargs{SSL_verify_mode} = Net::SSLeay::VERIFY_PEER(); |
|
if (($CRLFile ne '') && (-e $CRLFile)) { |
|
$sslargs{SSL_check_crl} = 1; |
|
$sslargs{SSL_crl_file} = $CRLFile; |
|
} |
} |
} |
my $client = IO::Socket::SSL->new_from_fd($dupfno,%sslargs); |
my $client = IO::Socket::SSL->new_from_fd($dupfno,%sslargs); |
if(!$client) { |
if(!$client) { |
Line 406 sub has_badcert_file {
|
Line 411 sub has_badcert_file {
|
} |
} |
|
|
sub Read_Connect_Config { |
sub Read_Connect_Config { |
my ($secureconf,$checkedcrl,$perlvarref) = @_; |
my ($secureconf,$perlvarref) = @_; |
return unless ((ref($secureconf) eq 'HASH') && (ref($checkedcrl) eq 'HASH')); |
return unless (ref($secureconf) eq 'HASH'); |
|
|
unless (ref($perlvarref) eq 'HASH') { |
unless (ref($perlvarref) eq 'HASH') { |
$perlvarref = $perlvar; |
$perlvarref = $perlvar; |
} |
} |
|
|
# Clear hash of clients for which Certificate Revocation List checked |
|
foreach my $key (keys(%{$checkedcrl})) { |
|
delete($checkedcrl->{$key}); |
|
} |
|
# Clean out the old table first. |
# Clean out the old table first. |
foreach my $key (keys(%{$secureconf})) { |
foreach my $key (keys(%{$secureconf})) { |
delete($secureconf->{$key}); |
delete($secureconf->{$key}); |