arif/xcat-core
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Continue the fix to avoid sslv3 in xcatd. In this commit, all the calling to [openssl s_client] in xcat code which used to connect to xcatd will add arguments [-no_ssl3 -no_ssl2] to avoid the using of sslv2/3

Browse Source
This commit is contained in:
daniceexi
2015-02-12 20:19:00 -05:00
parent b2eb57d072
commit bf7645a4f5
6 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
xCAT-server/share/xcat/netboot/add-on/statelite/rc.localdisk
View File

@@ -68,9 +68,9 @@ xCATCmd () {
# $2 is the command
ARCH=`uname -m`
if [ x$ARCH = x"ppc64" -a x$OS = x"rh" ]; then
echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | /usr/sbin/chroot ${MNTDIR} /usr/bin/openssl s_client -quiet -connect ${1} -rand /bin/nice 2>/dev/null
echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | /usr/sbin/chroot ${MNTDIR} /usr/bin/openssl s_client -quiet -no_ssl3 -no_ssl2 -connect ${1} -rand /bin/nice 2>/dev/null
else
echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | LD_LIBRARY_PATH=${MNTDIR}/lib64:${MNTDIR}/usr/lib64 ${MNTDIR}/usr/bin/openssl s_client -quiet -connect ${1} -rand /bin/nice 2>/dev/null
echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | LD_LIBRARY_PATH=${MNTDIR}/lib64:${MNTDIR}/usr/lib64 ${MNTDIR}/usr/bin/openssl s_client -quiet -no_ssl3 -no_ssl2 -connect ${1} -rand /bin/nice 2>/dev/null
fi
}

2
xCAT-server/share/xcat/netboot/add-on/statelite/rc.statelite
View File

@@ -128,7 +128,7 @@ GetSyncInfo () {
xCATCmd () {
# $1 is the xCAT server
# $2 is the command
echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | LD_LIBRARY_PATH=${MNTDIR}/lib64:${MNTDIR}/usr/lib64 ${MNTDIR}/usr/bin/openssl s_client -quiet -connect ${1} -rand /bin/nice 2>/dev/null
echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | LD_LIBRARY_PATH=${MNTDIR}/lib64:${MNTDIR}/usr/lib64 ${MNTDIR}/usr/bin/openssl s_client -quiet -no_ssl3 -no_ssl2 -connect ${1} -rand /bin/nice 2>/dev/null
}

2
xCAT-server/share/xcat/netboot/add-on/statelite/rc.statelite.ppc.redhat
View File

@@ -128,7 +128,7 @@ GetSyncInfo () {
xCATCmd () {
# $1 is the xCAT server
# $2 is the command
echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | /usr/sbin/chroot ${MNTDIR} /usr/bin/openssl s_client -quiet -connect ${1} -rand /bin/nice 2>/dev/null
echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | /usr/sbin/chroot ${MNTDIR} /usr/bin/openssl s_client -quiet -no_ssl3 -no_ssl2 -connect ${1} -rand /bin/nice 2>/dev/null
}

2
xCAT/postscripts/getcredentials.awk
View File

@@ -1,7 +1,7 @@
#!/usr/bin/awk -f
BEGIN {
if ((ENVIRON["USEOPENSSLFORXCAT"]) || (ENVIRON["AIX"])) {
server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null"
server = "openssl s_client -quiet -no_ssl3 -no_ssl2 -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null"
} else {
server = "/inet/tcp/0/127.0.0.1/400"
}

2
xCAT/postscripts/getpostscript.awk
View File

@@ -1,7 +1,7 @@
#!/usr/bin/awk -f
BEGIN {
if (ENVIRON["USEOPENSSLFORXCAT"]) {
server = "openssl s_client -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null"
server = "openssl s_client -no_ssl3 -no_ssl2 -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null"
} else {
server = "/inet/tcp/0/127.0.0.1/400"
}

2
xCAT/postscripts/startsyncfiles.awk
View File

@@ -1,7 +1,7 @@
#!/usr/bin/awk -f
BEGIN {
if (ENVIRON["USEOPENSSLFORXCAT"]) {
server = "openssl s_client -connect " ENVIRON["XCATSERVER"] " 2> /dev/null"
server = "openssl s_client -no_ssl3 -no_ssl2 -connect " ENVIRON["XCATSERVER"] " 2> /dev/null"
} else {
server = "/inet/tcp/0/127.0.0.1/400"
}