issue 1171: set SSL_verifycn_scheme => none for IO::Socket::SSL->new

perl-xCAT/xCAT/Client.pm

@@ -249,6 +249,7 @@ if (ref($request) eq 'HASH') { # the request is an array, not pure XML
     SSL_cert_file => $certfile,
     SSL_ca_file => $cafile,
     SSL_verify_mode => SSL_VERIFY_PEER,
+    SSL_verifycn_scheme => "none",
     SSL_use_cert => 1,
     Timeout => 0,
     %sslargs,

xCAT-client/bin/pasu

@@ -242,7 +242,8 @@ sub expandnoderange {
                 SSL_cert_file=>$homedir."/.xcat/client-cred.pem",
                 SSL_ca_file => $homedir."/.xcat/ca.pem",
                 SSL_use_cert => 1,
-                SSL_verify_mode => 1,
+                SSL_verify_mode => SSL_VERIFY_PEER,
+                SSL_verifycn_scheme => "none",
                 %sslargs,
              );
   die "Connection failure: $!\n" unless ($client);
@@ -297,7 +298,8 @@ sub getipmiattrs {
                 SSL_cert_file=>$homedir."/.xcat/client-cred.pem",
                 SSL_ca_file => $homedir."/.xcat/ca.pem",
                 SSL_use_cert => 1,
-                SSL_verify_mode => 1,
+                SSL_verify_mode => SSL_VERIFY_PEER,
+                SSL_verifycn_scheme => "none",
                 %sslargs,
              );
   die "Connection failure: $!\n" unless ($client);

xCAT-client/bin/pping

@@ -72,7 +72,8 @@ else { 		# the normal case of the user running the cmd - expand the noderange us
                 SSL_cert_file=> xCAT::Utils->getHomeDir()."/.xcat/client-cred.pem",
                 SSL_ca_file =>  xCAT::Utils->getHomeDir()."/.xcat/ca.pem",
                 SSL_use_cert => 1,
-                SSL_verify_mode => 1,
+                SSL_verify_mode => SSL_VERIFY_PEER,
+                SSL_verifycn_scheme => "none",
 		%sslargs,
              );
 	die "Connection failure: $!\n" unless ($client);

xCAT-client/bin/ppping

@@ -90,6 +90,7 @@ my $client = IO::Socket::SSL->new(
                 SSL_use_cert => 1,
 		%sslargs,
                 SSL_verify_mode => SSL_VERIFY_PEER,
+                SSL_verifycn_scheme => "none",
              );
 die "Connection failure: $!\n" unless ($client);
 my %cmdref = (command => 'noderange', noderange => $noderange);

xCAT-client/bin/prsync

@@ -74,7 +74,8 @@ my $client = IO::Socket::SSL->new(
                 SSL_cert_file=>$homedir."/.xcat/client-cred.pem",
                 SSL_ca_file => $homedir."/.xcat/ca.pem",
                 SSL_use_cert => 1,
-                SSL_verify_mode => 1,
+                SSL_verify_mode => SSL_VERIFY_PEER,
+                SSL_verifycn_scheme => "none",
                 %sslargs,
              );
 die "Connection failure: $!\n" unless ($client);

xCAT-client/bin/pscp

@@ -71,7 +71,8 @@ my $client = IO::Socket::SSL->new(
                 SSL_cert_file=>$homedir."/.xcat/client-cred.pem",
                 SSL_ca_file => $homedir."/.xcat/ca.pem",
                 SSL_use_cert => 1,
-                SSL_verify_mode => 1,
+                SSL_verify_mode => SSL_VERIFY_PEER,
+                SSL_verifycn_scheme => "none",
                 %sslargs,
              );
 die "Connection failure: $!\n" unless ($client);

xCAT-client/bin/psh

@@ -71,7 +71,8 @@ else {
                 SSL_cert_file=>$homedir."/.xcat/client-cred.pem",
                 SSL_ca_file => $homedir."/.xcat/ca.pem",
                 SSL_use_cert => 1,
-                SSL_verify_mode => 1,
+                SSL_verify_mode => SSL_VERIFY_PEER,
+                SSL_verifycn_scheme => "none",
                 %sslargs,
              );
   die "Connection failure: $!\n" unless ($client);

xCAT-server/xCAT-wsapi/restapi.pl

@@ -2477,6 +2477,8 @@ sub sendRequest {
             SSL_key_file  => $keyfile,
             SSL_cert_file => $certfile,
             SSL_ca_file   => $cafile,
+            SSL_verify_mode => SSL_VERIFY_PEER,
+            SSL_verifycn_scheme => "none",
             SSL_use_cert  => 1,
             Timeout       => 15,);
     }

xCAT-server/xCAT-wsapi/xcatws.cgi

@@ -2991,6 +2991,8 @@ sub sendRequest {
             SSL_key_file  => $keyfile,
             SSL_cert_file => $certfile,
             SSL_ca_file   => $cafile,
+            SSL_verify_mode => SSL_VERIFY_PEER,
+            SSL_verifycn_scheme => "none",
             SSL_use_cert  => 1,
             Timeout       => 15,);
     }