arif/xcat-core
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add default value for attribute site.xcatsslversion=TLSv1 to avoid using sslv3 which might cause POODLE Attach

Browse Source
This commit is contained in:
daniceexi
2015-02-12 09:42:41 -05:00
parent d41512f24c
commit b2eb57d072
3 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
perl-xCAT/xCAT/Client.pm
View File

@@ -237,6 +237,10 @@ if (ref($request) eq 'HASH') { # the request is an array, not pure XML
}
}
my $client;
my %sslargs;
if (defined($ENV{'XCATSSLVER'})) {
$sslargs{SSL_version} = $ENV{'XCATSSLVER'};
}
if (-r $keyfile and -r $certfile and -r $cafile) {
$client = IO::Socket::SSL->start_SSL($pclient,
SSL_key_file => $keyfile,
@@ -245,6 +249,7 @@ if (ref($request) eq 'HASH') { # the request is an array, not pure XML
SSL_verify_mode => SSL_VERIFY_PEER,
SSL_use_cert => 1,
Timeout => 0,
%sslargs,
);
} else {
$client = IO::Socket::SSL->start_SSL($pclient,

8
xCAT-client/xCAT-client.spec
View File

@@ -294,6 +294,14 @@ export XCATROOT PATH MANPATH
export PERL_BADLANG=0
EOF
# export XCATSSLVER for sles11. Others OS can work without this setting.
if [ -r /etc/SuSE-release ]; then
ver=`grep 'VERSION' /etc/SuSE-release | awk -F= '{print $2}' | sed 's/ //g'`
if [ "$ver" = "11" ]; then
echo 'export XCATSSLVER=TLSv1' >> /etc/profile.d/xcat.sh
fi
fi
cat << EOF > /etc/profile.d/xcat.csh
setenv XCATROOT "$RPM_INSTALL_PREFIX0"
setenv PATH \${XCATROOT}/bin:\${XCATROOT}/sbin:\${XCATROOT}/share/xcat/tools:\${PATH}

11
xCAT-server/sbin/xcatconfig
View File

@@ -1250,6 +1250,7 @@ sub initDB
$chtabcmds .= "$::XCATROOT/sbin/chtab key=cleanupxcatpost site.value=no;";
$chtabcmds .= "$::XCATROOT/sbin/chtab key=dhcplease site.value=43200;";
$chtabcmds .= "$::XCATROOT/sbin/chtab key=auditnosyslog site.value=0;";
$chtabcmds .= "$::XCATROOT/sbin/chtab key=xcatsslversion site.value=TLSv1;";
#$chtabcmds .= "$::XCATROOT/sbin/chtab key=useflowcontrol site.value=yes;"; # need to fix 4031
if ($::osname eq 'AIX')
@@ -1504,6 +1505,16 @@ sub initDB
}
}
# add default value to site.xcatsslversion
$cmds = "$::XCATROOT/sbin/chtab key=xcatsslversion site.value=TLSv1;";
$outref = xCAT::Utils->runcmd("$cmds", 0);
if ($::RUNCMD_RC != 0)
{
xCAT::MsgUtils->message('E',"Could not add default value for site.xcatsslversion.");
}
}
# remove xcatserver,xcatclient
# from the postscripts. They are now called by servicenode