xCAT/xcat-core
2
0
Fork 0
mirror of https://github.com/xcat2/xcat-core.git synced 2025-05-29 09:13:08 +00:00
Code Issues Releases Wiki Activity

Set the default value of site.xcatsslversion to SSLv23:!SSLv2:!SSLv3:!TLSv1 (#6061)

Browse Source 
* Set $extrasslargs{SSL_version} as "SSLv23:!SSLv2:!SSLv3:!TLSv1" by default

* Remove xcatsslversion related part in script xcatconfig
This commit is contained in:
Gᴏɴɢ Jie 2019-03-11 17:40:53 +08:00 committed by Bin Xu
parent dda1564f71
commit 59bc53f573
2 changed files with 3 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
xCAT-server/sbin/xcatconfig
View File

@ -1206,7 +1206,6 @@ sub initDB
$chtabcmds .= "$::XCATROOT/sbin/chtab key=cleanupxcatpost site.value=no;";
$chtabcmds .= "$::XCATROOT/sbin/chtab key=dhcplease site.value=43200;";
$chtabcmds .= "$::XCATROOT/sbin/chtab key=auditnosyslog site.value=0;";
$chtabcmds .= "$::XCATROOT/sbin/chtab key=xcatsslversion site.value=TLSv1_2;";
$chtabcmds .= "$::XCATROOT/sbin/chtab key=auditskipcmds site.value=ALL;";
#$chtabcmds .= "$::XCATROOT/sbin/chtab key=useflowcontrol site.value=yes;"; # need to fix 4031
@ -1472,19 +1471,6 @@ sub initDB
xCAT::MsgUtils->message('E', "Could not set ddns as dnshandler.");
}
}
# Set default value for site.xcatsslversion when update xcat
$cmds = "XCATBYPASS=Y $::XCATROOT/sbin/tabdump site 2>/dev/null |grep xcatsslversion";
xCAT::Utils->runcmd("$cmds", -1);
if ($::RUNCMD_RC != 0) {
# if site.xcatsslversion was not set, then set the default value TLSv1_2
$cmds = "$::XCATROOT/sbin/chtab key=xcatsslversion site.value=TLSv1_2;";
xCAT::Utils->runcmd("$cmds", 0);
if ($::RUNCMD_RC != 0) {
xCAT::MsgUtils->message('E', "Could not add default value for site.xcatsslversion.");
}
}
}
# remove xcatserver,xcatclient

3
xCAT-server/sbin/xcatd
View File

@ -1548,7 +1548,10 @@ until ($quit) {
populate_site_hash();
my %extrasslargs;
if ($::XCATSITEVALS{xcatsslversion}) { $extrasslargs{SSL_version} = $::XCATSITEVALS{xcatsslversion}; }
$extrasslargs{SSL_version} = "SSLv23:!SSLv2:!SSLv3:!TLSv1" unless length $extrasslargs{SSL_version};
if ($::XCATSITEVALS{xcatsslciphers}) { $extrasslargs{SSL_cipher_list} = $::XCATSITEVALS{xcatsslciphers}; }
use Data::Dumper;