Diff for /loncom/LondConnection.pm between versions 1.56 and 1.57

version 1.56, 2018/07/29 03:03:36 version 1.57, 2018/08/07 17:12:09
Line 44  my $DebugLevel=0; Line 44  my $DebugLevel=0;
 my %perlvar;  my %perlvar;
 my %secureconf;  my %secureconf;
 my %badcerts;  my %badcerts;
 my %hosttypes;   my %hosttypes;
   my %crlchecked;
 my $InsecureOk;  my $InsecureOk;
   
 #  #
Line 80  sub ReadConfig { Line 81  sub ReadConfig {
     unless (lonssl::Read_Host_Types(\%hosttypes,\%perlvar) eq 'ok') {      unless (lonssl::Read_Host_Types(\%hosttypes,\%perlvar) eq 'ok') {
         Debug(1,"Failed to retrieve hosttypes hash.\n");          Debug(1,"Failed to retrieve hosttypes hash.\n");
     }      }
     undef(%badcerts);      %badcerts = ();
       %crlchecked = ();
 }  }
   
 sub ResetReadConfig {  sub ResetReadConfig {
Line 204  sub new { Line 206  sub new {
                      Port               => $Port,                       Port               => $Port,
                      State              => "Initialized",                       State              => "Initialized",
      AuthenticationMode => "",       AuthenticationMode => "",
      InsecureOK         => $allowinsecure,                            InsecureOK         => $allowinsecure,
                      TransactionRequest => "",                       TransactionRequest => "",
                      TransactionReply   => "",                       TransactionReply   => "",
                      NextRequest        => "",                       NextRequest        => "",
Line 276  sub new { Line 278  sub new {
   
  my ($ca, $cert) = lonssl::CertificateFile;   my ($ca, $cert) = lonssl::CertificateFile;
  my $sslkeyfile  = lonssl::KeyFile;   my $sslkeyfile  = lonssl::KeyFile;
           my $badcertfile = lonssl::has_badcert_file($self->{LoncapaHim});
   
  if (($conntype ne 'no') && (defined($ca)) && (defined($cert)) && (defined($sslkeyfile)) &&   if (($conntype ne 'no') && (defined($ca)) && (defined($cert)) && (defined($sslkeyfile)) &&
             (!exists($badcerts{$self->{LoncapaHim}}))) {              (!exists($badcerts{$self->{LoncapaHim}})) && !$badcertfile) {
     $self->{AuthenticationMode} = "ssl";      $self->{AuthenticationMode} = "ssl";
     $self->{TransactionRequest} = "init:ssl:$perlvar{'lonVersion'}\n";      $self->{TransactionRequest} = "init:ssl:$perlvar{'lonVersion'}\n";
  } elsif ($self->{InsecureOK}) {   } elsif ($self->{InsecureOK}) {
Line 443  sub Readable { Line 446  sub Readable {
  fcntl($socket, F_SETFL, $flags | O_NONBLOCK);   fcntl($socket, F_SETFL, $flags | O_NONBLOCK);
  $self->ToVersionRequest();   $self->ToVersionRequest();
  return 0;   return 0;
     }      } 
     else {         # Failed in ssl exchange.      else { # Failed in ssl exchange.
         if (($sslresult == -1) && ($self->{InsecureOK})) {          if (($sslresult == -1) && (lonssl::LastError == -1) && ($self->{InsecureOK})) {
                               my $badcertdir = &lonssl::BadCertDir();
                               if (($badcertdir) && $self->{LoncapaHim}) {
                                   if (open(my $fh,'>',"$badcertdir/".$self->{LoncapaHim})) {
                                       close($fh);
                                   }
                               }
     $badcerts{$self->{LoncapaHim}} = 1;      $badcerts{$self->{LoncapaHim}} = 1;
                               &Debug(3,"SSL verification failed: close socket and initiate insecure connection");
                               $self->Transition("ReInitNoSSL");
                               $socket->close;
                               return -1;
  }   }
  &Debug(3,"init:ssl failed key negotiation!");   &Debug(3,"init:ssl failed key negotiation!");
  $self->Transition("Disconnected");   $self->Transition("Disconnected");
  $socket->close;   $socket->close;
  return -1;   return -1;
     }                      }
  }    } 
  elsif ($Response =~ /^[0-9]+/) { # Old style lond.   elsif ($Response =~ /^[0-9]+/) { # Old style lond.
     return $self->CompleteInsecure();      return $self->CompleteInsecure();
Line 1051  sub ExchangeKeysViaSSL { Line 1064  sub ExchangeKeysViaSSL {
     my ($SSLCACertificate,      my ($SSLCACertificate,
  $SSLCertificate) = lonssl::CertificateFile();   $SSLCertificate) = lonssl::CertificateFile();
     my $SSLKey             = lonssl::KeyFile();      my $SSLKey             = lonssl::KeyFile();
       my $CRLFile;
       unless ($crlchecked{$peer}) {
           $CRLFile = lonssl::CRLFile();
           $crlchecked{$peer} = 1;
       }
     #  Promote our connection to ssl and read the key from lond.      #  Promote our connection to ssl and read the key from lond.
   
     my $SSLSocket = lonssl::PromoteClientSocket($socket,      my $SSLSocket = lonssl::PromoteClientSocket($socket,
  $SSLCACertificate,   $SSLCACertificate,
  $SSLCertificate,   $SSLCertificate,
  $SSLKey,   $SSLKey,
                                                 $peer);                                                  $peer,
                                                   $CRLFile);
     if(defined $SSLSocket) {      if(defined $SSLSocket) {
  my $key  = <$SSLSocket>;   my $key  = <$SSLSocket>;
  lonssl::Close($SSLSocket);   lonssl::Close($SSLSocket);
Line 1211  sub PeerLoncapaHim { Line 1229  sub PeerLoncapaHim {
     return $self->{LoncapaHim};      return $self->{LoncapaHim};
 }  }
   
   #
   # Get the Authentication mode
   #
   
   sub GetKeyMode {
       my $self = shift;
       return $self->{AuthenticationMode};
   }
   
 1;  1;
   
 =pod  =pod
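Review bot: In the Readable section, the new bad-cert marker is opened at `"$badcertdir/".$self->{LoncapaHim}` without checking that the host id is a plain file name, and a failed open() is silently ignored. The new() section now skips SSL whenever `lonssl::has_badcert_file` reports a marker, so this file appears to decide whether later connections to that peer fall back to the insecure path; its creation should be both constrained and visible in the log. I would guard the write with something like `if (($badcertdir) && ($self->{LoncapaHim} =~ /^[\w.\-]+$/)) {` and add `else { &Debug(1,"Could not create bad cert marker for ".$self->{LoncapaHim}.": $!"); }` to the open. Readable begins and ends outside the lines shown, and how markers are later cleared is not visible here, so a comment stating their lifetime would also help.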
