From 669561e649180de4c69dfe52b9804a7cc88405cb Mon Sep 17 00:00:00 2001
From: immarvin
Date: Tue, 25 Apr 2017 04:34:31 -0400
Subject: [PATCH] xcat command returns 0 when cmd fails due authorization #2636: prompt meaningful message for user if client certificates not setup correctly; specify SSL_verify_mode => SSL_VERIFY_NONE explicitly for IO::Socket::SSL->start_SSL
---
 perl-xCAT/xCAT/Client.pm | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/perl-xCAT/xCAT/Client.pm b/perl-xCAT/xCAT/Client.pm
index 9aa8cfd0e..079a62155 100644
--- a/perl-xCAT/xCAT/Client.pm
+++ b/perl-xCAT/xCAT/Client.pm
@@ -265,7 +265,11 @@ sub submit_request {
 %sslargs,
 );
 } else {
+ print "warning: the client certificates under $homedir/.xcat/ are not setup correctly, please run '/opt/xcat/share/xcat/scripts/setup-local-client.sh"." $ENV{'USER'}' as 'root' to generate the client certificates; otherwise, the SSL connection between xcat client and xcatd will be setup without certificate verification and open to Man-In-The-Middle attacks.\n";
+ #Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client is deprecated!
+ #need to specify SSL_verify_mode => SSL_VERIFY_NONE explicitly
 $client = IO::Socket::SSL->start_SSL($pclient,
+ SSL_verify_mode => SSL_VERIFY_NONE,
 Timeout => 0,
 );
 }
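Review bot: The `else` branch still completes the handshake with `SSL_verify_mode => SSL_VERIFY_NONE`, and the only signal is a `print` to STDOUT, which scripts capturing command output will either mix into their data or never show to an operator. Send the message to STDERR instead, `print STDERR "warning: ..."` (or `warn`), and consider refusing to connect here unless the operator has explicitly opted in to an unverified session, since everything the client sends after this point goes to an unauthenticated peer. `$ENV{'USER'}` may be unset under cron or some sudo configurations, which leaves the suggested setup command without a username; `scalar getpwuid($<)` is a more reliable source. `submit_request` begins and ends outside the hunk, so whether `$homedir` and the constant `SSL_VERIFY_NONE` are in scope at this point cannot be confirmed from this view.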