commit a291e4d5d73c13fc8076211b004e7349cd4bbf7d
Author: Gonéri Le Bouder <goneri@rulezlan.org>
Date: Mon Nov 28 21:37:48 2011 +0100
try to use ssl_opts on LWP<6 too
previously this block was only for LWP6. For some modern
LWP5/Crypt::SSLeay also need it, I use an eval here to avoid
failure on ancient LWP::UserAgent with no ssl_opts()
closes: #1161
Reported-by: Remi Collet <fedora@famillecollet.com>
diff --git a/lib/FusionInventory/Agent/Network.pm b/lib/FusionInventory/Agent/Network.pm
index b349de5..6bc6fbf 100644
--- a/lib/FusionInventory/Agent/Network.pm
+++ b/lib/FusionInventory/Agent/Network.pm
@@ -107,8 +107,11 @@ sub createUA {
my $ua = LWP::UserAgent->new(keep_alive => 1, requests_redirectable => ['POST', 'GET', 'HEAD']);
-
- if ($LWP::VERSION >= 6) {
+ # previously this block was only for LWP6.
+ # For some modern LWP5/Crypt::SSLeay also need it, I use
+ # an eval here to avoid failure on ancient LWP::UserAgent with
+ # no ssl_opts()
+ eval {
# LWP6 default behavior is to check the SSL hostname
if ($config->{'no-ssl-check'}) {
$ua->ssl_opts(verify_hostname => 0);
@@ -119,7 +122,7 @@ sub createUA {
if ($config->{'ca-cert-dir'}) {
$ua->ssl_opts(SSL_ca_path => $config->{'ca-cert-dir'});
}
- }
+ };
if ($noProxy) {
commit 5001036e8eabac54a5058306c44793df325109a2
Author: Gonéri Le Bouder <goneri@rulezlan.org>
Date: Mon Nov 28 21:39:21 2011 +0100
improve the regex used to parse the SSL-Cert
- Drop the port from the hostname
- Use a wildcare only if there is a domain
diff --git a/lib/FusionInventory/Agent/Network.pm b/lib/FusionInventory/Agent/Network.pm
index 6bc6fbf..96d7513 100644
--- a/lib/FusionInventory/Agent/Network.pm
+++ b/lib/FusionInventory/Agent/Network.pm
@@ -362,9 +362,10 @@ sub setSslRemoteHost {
# Check server name against provided SSL certificate
if ( $self->{URI} =~ /^https:\/\/([^\/]+).*$/i ) {
my $re = $1;
+ $re =~ s/:\d+//;
# Accept SSL cert will hostname with wild-card
# http://forge.fusioninventory.org/issues/542
- $re =~ s/^([^\.]+)/($1|\\*)/;
+ $re =~ s/^([^\.]+)\.(.+)/($1|\\*)/;
# protect some characters, $re will be evaluated as a regex
$re =~ s/([\-\.])/\\$1/g;
$ua->default_header('If-SSL-Cert-Subject' => '/CN='.$re.'($|\/)');
commit 8035bde109d9684dac5fd9369ce6a7a641c54f99
Author: Gonéri Le Bouder <goneri@rulezlan.org>
Date: Mon Nov 28 21:48:52 2011 +0100
SSL: skip some test on LWP<6
Those cases are just unsupported.
closes: #1161
Reported-by: Remi Collet <fedora@famillecollet.com>
diff --git a/t/ssl.t b/t/ssl.t
index ff8c25e..d8b384f 100644
--- a/t/ssl.t
+++ b/t/ssl.t
@@ -107,10 +107,14 @@ $server->set_dispatch({
});
$server->background();
+
+SKIP: {
+skip "Too all LWP for alternate hostname", 1 unless $LWP::VERSION >= 6;
ok(
$secure_client->send({message => $message}),
'trusted certificate, alternate hostname: connection success'
);
+}
$server->stop();
@@ -161,10 +165,14 @@ ok(
'untrusted certificate, correct hostname: connection failure'
);
+SKIP: {
+skip "Check disabled on LWP<6", 1 unless $LWP::VERSION >= 6;
+# Unless you wan to fix this
ok(
$unsafe_client->send({message => $message}),
'untrusted certificate, correct hostname, no check: connection success'
);
+}
$server->stop();