xCAT/xcat-core
2
0
Fork 0
mirror of https://github.com/xcat2/xcat-core.git synced 2025-08-21 10:40:24 +00:00
Code Issues Releases Wiki Activity

Partly revert "Revise openssl settings for RHEL 8 (#5967)" (#6144)

Browse Source 
* Put "openssl s_client" command line argument "-no_ssl2" back.

This reverts commit ec56baf36f.
This commit is contained in:
Gᴏɴɢ Jie
2019-03-21 16:27:13 +08:00
committed by yangsong
parent 92170ed113
commit 00bf5d432c
7 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
xCAT-server/share/xcat/netboot/add-on/statelite/rc.localdisk
View File

@@ -69,11 +69,16 @@ xCATCmd () {
ARCH=`uname -m`
if [ x$ARCH = x"ppc64" -a x$OS = x"rh" ]; then
/usr/sbin/chroot ${MNTDIR} /usr/bin/openssl s_client -quiet -no_ssl3 \
$(/usr/sbin/chroot ${MNTDIR} /usr/bin/openssl s_client -help 2>&1 |
grep -m 1 -o -- -no_ssl2) \
-connect ${1} -rand /bin/bash 2>/dev/null \
<<<"<xcatrequest><command>${2}</command></xcatrequest>"
else
LD_LIBRARY_PATH=${MNTDIR}/lib64:${MNTDIR}/usr/lib64 \
${MNTDIR}/usr/bin/openssl s_client -quiet -no_ssl3 \
$(LD_LIBRARY_PATH=${MNTDIR}/lib64:${MNTDIR}/usr/lib64 \
${MNTDIR}/usr/bin/openssl s_client -help 2>&1 |
grep -m 1 -o -- -no_ssl2) \
-connect ${1} -rand /bin/bash 2>/dev/null \
<<<"<xcatrequest><command>${2}</command></xcatrequest>"
fi

2
xCAT-server/share/xcat/netboot/add-on/statelite/rc.statelite
View File

@@ -128,7 +128,7 @@ GetSyncInfo () {
xCATCmd () {
# $1 is the xCAT server
# $2 is the command
LD_LIBRARY_PATH=${MNTDIR}/lib64:${MNTDIR}/usr/lib64 ${MNTDIR}/usr/bin/openssl s_client -quiet -no_ssl3 -connect ${1} -rand /bin/bash 2>/dev/null <<<"<xcatrequest><command>${2}</command></xcatrequest>"
LD_LIBRARY_PATH=${MNTDIR}/lib64:${MNTDIR}/usr/lib64 ${MNTDIR}/usr/bin/openssl s_client -quiet -no_ssl3 $(LD_LIBRARY_PATH=${MNTDIR}/lib64:${MNTDIR}/usr/lib64 ${MNTDIR}/usr/bin/openssl s_client -help 2>&1 | grep -m 1 -o -- -no_ssl2) -connect ${1} -rand /bin/bash 2>/dev/null <<<"<xcatrequest><command>${2}</command></xcatrequest>"
}

2
xCAT-server/share/xcat/netboot/add-on/statelite/rc.statelite.ppc.redhat
View File

@@ -128,7 +128,7 @@ GetSyncInfo () {
xCATCmd () {
# $1 is the xCAT server
# $2 is the command
echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | /usr/sbin/chroot ${MNTDIR} /usr/bin/openssl s_client -quiet -no_ssl3 -connect ${1} -rand /bin/nice 2>/dev/null
echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | /usr/sbin/chroot ${MNTDIR} /usr/bin/openssl s_client -quiet -no_ssl3 $(/usr/sbin/chroot ${MNTDIR} /usr/bin/openssl s_client -help 2>&1 | grep -m 1 -o -- -no_ssl2) -connect ${1} -rand /bin/nice 2>/dev/null
}

3
xCAT/postscripts/getcredentials.awk
View File

@@ -2,6 +2,9 @@
BEGIN {
if ((ENVIRON["USEOPENSSLFORXCAT"]) || (ENVIRON["AIX"])) {
server = "openssl s_client -quiet -no_ssl3 -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null"
if (!system("openssl s_client -help 2>&1 | grep -m 1 -q -- -no_ssl2")) {
server = "openssl s_client -quiet -no_ssl3 -no_ssl2 -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null"
}
} else {
server = "/inet/tcp/0/127.0.0.1/400"
}

3
xCAT/postscripts/getpostscript.awk
View File

@@ -2,6 +2,9 @@
BEGIN {
if (ENVIRON["USEOPENSSLFORXCAT"]) {
server = "openssl s_client -no_ssl3 -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null"
if (!system("openssl s_client -help 2>&1 | grep -m 1 -q -- -no_ssl2")) {
server = "openssl s_client -no_ssl3 -no_ssl2 -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null"
}
} else {
server = "/inet/tcp/0/127.0.0.1/400"
}

2
xCAT/postscripts/startsyncfiles
View File

@@ -42,7 +42,7 @@ while read LINE;do
RET=${RET%<*}
[ "$RET" != "0" ] && RETCODE=1
fi
done < <(openssl s_client -no_ssl3 -connect $MASTER_IP:$XCATDPORT -ign_eof -quiet <<<$REQUEST)
done < <(openssl s_client -no_ssl3 $(openssl s_client -help 2>&1 | grep -m 1 -o -- -no_ssl2) -connect $MASTER_IP:$XCATDPORT -ign_eof -quiet <<<$REQUEST)
rm -rf $RESPFILE
exit $RETCODE

5
xCAT/postscripts/startsyncfiles.awk
View File

@@ -1,7 +1,10 @@
#!/usr/bin/awk -f
BEGIN {
if (ENVIRON["USEOPENSSLFORXCAT"]) {
server = "openssl s_client -no_ssl3 -connect " ENVIRON["XCATSERVER"] " 2> /dev/null"
server = "openssl s_client -no_ssl3 -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null"
if (!system("openssl s_client -help 2>&1 | grep -m 1 -q -- -no_ssl2")) {
server = "openssl s_client -no_ssl3 -no_ssl2 -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null"
}
} else {
server = "/inet/tcp/0/127.0.0.1/400"
}