Fix github issue #5365. Proper handle the -no_ssl2 argument of openssl s_client (#5369)

2025-10-31 11:22:27 +00:00 · 2018-07-04 14:48:33 +08:00
parent 818e39de1b
commit da35f335b1
7 changed files with 18 additions and 9 deletions
--- a/xCAT-server/share/xcat/netboot/add-on/statelite/rc.localdisk
+++ b/xCAT-server/share/xcat/netboot/add-on/statelite/rc.localdisk
@@ -68,9 +68,9 @@ xCATCmd () {
 # $2 is the command
    ARCH=`uname -m`
    if [ x$ARCH = x"ppc64" -a x$OS = x"rh" ]; then
-        echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | /usr/sbin/chroot ${MNTDIR} /usr/bin/openssl s_client -quiet -no_ssl3 -no_ssl2 -connect ${1} -rand /bin/nice 2>/dev/null
+        echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | /usr/sbin/chroot ${MNTDIR} /usr/bin/openssl s_client -quiet -no_ssl3 $(openssl s_client -help 2>&1 | grep -m 1 -o -- -no_ssl2) -connect ${1} -rand /bin/nice 2>/dev/null
    else
-        echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | LD_LIBRARY_PATH=${MNTDIR}/lib64:${MNTDIR}/usr/lib64 ${MNTDIR}/usr/bin/openssl s_client -quiet -no_ssl3 -no_ssl2 -connect ${1} -rand /bin/nice 2>/dev/null
+        echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | LD_LIBRARY_PATH=${MNTDIR}/lib64:${MNTDIR}/usr/lib64 ${MNTDIR}/usr/bin/openssl s_client -quiet -no_ssl3 $(openssl s_client -help 2>&1 | grep -m 1 -o -- -no_ssl2) -connect ${1} -rand /bin/nice 2>/dev/null
    fi
 }

--- a/xCAT-server/share/xcat/netboot/add-on/statelite/rc.statelite
+++ b/xCAT-server/share/xcat/netboot/add-on/statelite/rc.statelite
@@ -128,7 +128,7 @@ GetSyncInfo () {
 xCATCmd () {
 # $1 is the xCAT server
 # $2 is the command
-	echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | LD_LIBRARY_PATH=${MNTDIR}/lib64:${MNTDIR}/usr/lib64 ${MNTDIR}/usr/bin/openssl s_client -quiet -no_ssl3 -no_ssl2 -connect ${1} -rand /bin/nice 2>/dev/null
+	echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | LD_LIBRARY_PATH=${MNTDIR}/lib64:${MNTDIR}/usr/lib64 ${MNTDIR}/usr/bin/openssl s_client -quiet -no_ssl3 $(openssl s_client -help 2>&1 | grep -m 1 -o -- -no_ssl2) -connect ${1} -rand /bin/nice 2>/dev/null

 }

--- a/xCAT-server/share/xcat/netboot/add-on/statelite/rc.statelite.ppc.redhat
+++ b/xCAT-server/share/xcat/netboot/add-on/statelite/rc.statelite.ppc.redhat
@@ -128,7 +128,7 @@ GetSyncInfo () {
 xCATCmd () {
 # $1 is the xCAT server
 # $2 is the command
-	echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | /usr/sbin/chroot ${MNTDIR} /usr/bin/openssl s_client -quiet -no_ssl3 -no_ssl2 -connect ${1} -rand /bin/nice 2>/dev/null
+	echo "<xcatrequest>\n<command>${2}</command>\n</xcatrequest>" | /usr/sbin/chroot ${MNTDIR} /usr/bin/openssl s_client -quiet -no_ssl3 $(openssl s_client -help 2>&1 | grep -m 1 -o -- -no_ssl2) -connect ${1} -rand /bin/nice 2>/dev/null

 }

--- a/xCAT/postscripts/getcredentials.awk
+++ b/xCAT/postscripts/getcredentials.awk
@@ -1,7 +1,10 @@
 #!/usr/bin/awk -f
 BEGIN {
        if ((ENVIRON["USEOPENSSLFORXCAT"]) || (ENVIRON["AIX"])) {
-            server = "openssl s_client -quiet -no_ssl3 -no_ssl2 -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null"
+            server = "openssl s_client -quiet -no_ssl3 -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null"
+            if (system("openssl s_client -help 2>&1 | grep -m 1 -q -- -no_ssl2")) {
+                server = "openssl s_client -quiet -no_ssl3 -no_ssl2 -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null"
+            }
        } else {
            server = "/inet/tcp/0/127.0.0.1/400"
        }
--- a/xCAT/postscripts/getpostscript.awk
+++ b/xCAT/postscripts/getpostscript.awk
@@ -1,11 +1,14 @@
 #!/usr/bin/awk -f
 BEGIN {
        if (ENVIRON["USEOPENSSLFORXCAT"]) {
-            server = "openssl s_client -no_ssl3 -no_ssl2 -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null"
+            server = "openssl s_client -no_ssl3 -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null"
+            if (system("openssl s_client -help 2>&1 | grep -m 1 -q -- -no_ssl2")) {
+                server = "openssl s_client -no_ssl3 -no_ssl2 -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null"
+            }
        } else {
            server = "/inet/tcp/0/127.0.0.1/400"
        }
-        
+
        quit = "no"

        print "<xcatrequest>" |& server
--- a/xCAT/postscripts/startsyncfiles
+++ b/xCAT/postscripts/startsyncfiles
@@ -42,7 +42,7 @@ while read LINE;do
        RET=${RET%<*}
        [ "$RET" != "0" ] && RETCODE=1
    fi
-done < <(openssl s_client -no_ssl3 -no_ssl2 -connect $MASTER_IP:$XCATDPORT -ign_eof -quiet <<<$REQUEST)
+done < <(openssl s_client -no_ssl3 $(openssl s_client -help 2>&1 | grep -m 1 -o -- -no_ssl2) -connect $MASTER_IP:$XCATDPORT -ign_eof -quiet <<<$REQUEST)

 rm -rf $RESPFILE
 exit $RETCODE
--- a/xCAT/postscripts/startsyncfiles.awk
+++ b/xCAT/postscripts/startsyncfiles.awk
@@ -1,7 +1,10 @@
 #!/usr/bin/awk -f
 BEGIN {
  if (ENVIRON["USEOPENSSLFORXCAT"]) {
-      server = "openssl s_client -no_ssl3 -no_ssl2 -connect " ENVIRON["XCATSERVER"] " 2> /dev/null"
+      server = "openssl s_client -no_ssl3 -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null"
+      if (system("openssl s_client -help 2>&1 | grep -m 1 -q -- -no_ssl2")) {
+          server = "openssl s_client -no_ssl3 -no_ssl2 -connect " ENVIRON["XCATSERVER"] " 2> /dev/null"
+      }
  } else {
      server = "/inet/tcp/0/127.0.0.1/400"
  }