From eeec7c6d4f4ff8247a5fde3f6ca5552bb989d633 Mon Sep 17 00:00:00 2001 From: daniceexi Date: Fri, 13 Feb 2015 03:07:51 -0500 Subject: [PATCH] Continue the change for avoiding sslv3 --- xCAT-client/bin/pping | 6 ++++++ xCAT-client/bin/ppping | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/xCAT-client/bin/pping b/xCAT-client/bin/pping index 40af26b2e..66f5f6231 100755 --- a/xCAT-client/bin/pping +++ b/xCAT-client/bin/pping @@ -59,6 +59,11 @@ if ($::NOEXPAND) { # this is when ppping is calling us and has already expanded @nodes = split(/,/, $noderange); } else { # the normal case of the user running the cmd - expand the noderange using xcatd + my %sslargs; + if (defined($ENV{'XCATSSLVER'})) { + $sslargs{SSL_version} = $ENV{'XCATSSLVER'}; + } + my $client = IO::Socket::SSL->new( PeerAddr=>$xcathost, SSL_key_file=> xCAT::Utils->getHomeDir()."/.xcat/client-cred.pem", @@ -66,6 +71,7 @@ else { # the normal case of the user running the cmd - expand the noderange us SSL_ca_file => xCAT::Utils->getHomeDir()."/.xcat/ca.pem", SSL_use_cert => 1, SSL_verify_mode => 1, + %sslargs, ); die "Connection failure: $!\n" unless ($client); my %cmdref = (command => 'noderange', noderange => $noderange); diff --git a/xCAT-client/bin/ppping b/xCAT-client/bin/ppping index 1dcad30ad..f570d3c02 100755 --- a/xCAT-client/bin/ppping +++ b/xCAT-client/bin/ppping @@ -77,12 +77,18 @@ my $noderange = $ARGV[0]; my @user = getpwuid($>); my $homedir=$user[7]; +my %sslargs; +if (defined($ENV{'XCATSSLVER'})) { + $sslargs{SSL_version} = $ENV{'XCATSSLVER'}; +} + my $client = IO::Socket::SSL->new( PeerAddr=>$xcathost, SSL_key_file=>$homedir."/.xcat/client-cred.pem", SSL_cert_file=>$homedir."/.xcat/client-cred.pem", SSL_ca_file => $homedir."/.xcat/ca.pem", SSL_use_cert => 1, + %sslargs, #SSL_verify_mode => 1, ); die "Connection failure: $!\n" unless ($client);