[pve-devel] [PATCH 1/2] When we use LWP::UserAgent always use IO::Socket::SSL and set it up in a proper way.
Wolfgang Link
w.link at proxmox.com
Wed Feb 24 10:15:25 CET 2016
This patch sets up IO::Socket::SSL so that all proxy (transparent, https and http) and non-proxy settings will work.
Now the server will also be verified.
---
PVE/API2/Subscription.pm | 22 +++++++++++-----------
PVE/APLInfo.pm | 35 ++++++++++++++++++++++++-----------
2 files changed, 35 insertions(+), 22 deletions(-)
diff --git a/PVE/API2/Subscription.pm b/PVE/API2/Subscription.pm
index 47cd408..0bf2066 100644
--- a/PVE/API2/Subscription.pm
+++ b/PVE/API2/Subscription.pm
@@ -224,19 +224,19 @@ sub check_subscription {
$req->header('Content-Length' => length($content));
$req->content($content);
- my $ua = LWP::UserAgent->new(protocols_allowed => ['https'], timeout => 30);
- $ua->ssl_opts(verify_hostname => 0); # don't care
+ my $ua = LWP::UserAgent->new( timeout => 30);
- # HACK: LWP does not use proxy 'CONNECT' for https
- local $ENV{PERL_NET_HTTPS_SSL_SOCKET_CLASS} = "Net::SSL";
- local ($ENV{HTTPS_PROXY}, $ENV{HTTPS_PROXY_USERNAME}, $ENV{HTTPS_PROXY_PASSWORD});
+ # HACK: LWP to be sure IO::Socket::SSL is ued.
+ local $ENV{PERL_NET_HTTPS_SSL_SOCKET_CLASS} = "IO::Socket::SSL";
if ($proxy) {
- # some proxies reject connection if UserAgent header is not set
- Net::SSL::send_useragent_to_proxy(1);
- ($ENV{HTTPS_PROXY}, $ENV{HTTPS_PROXY_USERNAME}, $ENV{HTTPS_PROXY_PASSWORD}) =
- PVE::API2Tools::parse_http_proxy($proxy);
- $ua->proxy(['http'], $proxy);
+ my ($host, $user, $passwd) = PVE::API2Tools::parse_http_proxy($proxy);
+
+ if ($user && $passwd) {
+ $ua->proxy(['https', 'http'], 'connect://'."$user:$passwd".'@'.$host);
+ } else {
+ $ua->proxy(['https', 'http'], 'connect://'.$host);
+ }
} else {
$ua->env_proxy;
}
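Review bot: `$user` and `$passwd` are concatenated into the `connect://` proxy URL unescaped, on the `'connect://'."$user:$passwd".'@'.$host` line here and again in `url_get` in PVE/APLInfo.pm, so a password containing `@`, `:` or `/` changes how the proxy URL is parsed. Unless `parse_http_proxy` already returns them encoded, percent-encode both parts first, for example `my $auth = join(':', map { uri_escape($_) } $user, $passwd);` with URI::Escape loaded at the top of the file. The constructor also drops `protocols_allowed => ['https']` and no longer sets `verify_hostname` at all, so the verification the commit message promises rests on LWP's default. Stating it with `$ua->ssl_opts(verify_hostname => 1);` would keep it independent of `PERL_LWP_SSL_VERIFY_HOSTNAME` in the environment. `check_subscription` starts and ends outside the hunk.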
@@ -344,7 +344,7 @@ __PACKAGE__->register_method ({
my $age = time() - $info->{checktime};
return undef if $age < $localkeydays*60*60*24;
}
-
+
my $key = $info->{key};
$info = check_subscription($key);
diff --git a/PVE/APLInfo.pm b/PVE/APLInfo.pm
index 16e60a5..ec49088 100644
--- a/PVE/APLInfo.pm
+++ b/PVE/APLInfo.pm
@@ -144,10 +144,29 @@ sub read_aplinfo {
}
sub url_get {
- my ($ua, $url, $file, $logfh) = @_;
+ my ($ua, $url, $file, $logfh, $proxy) = @_;
my $req = HTTP::Request->new(GET => $url);
+ if ($proxy) {
+ my ($host, $user, $passwd) = PVE::API2Tools::parse_http_proxy($proxy);
+ if ($url =~ m/^https:\/\//) {
+ if ($user && $passwd) {
+ $ua->proxy(['https', 'http'], 'connect://'."$user:$passwd".'@'.$host);
+ } else {
+ $ua->proxy(['https', 'http'], 'connect://'.$host);
+ }
+ } else {
+ local ($ENV{HTTPS_PROXY}, $ENV{HTTPS_PROXY_USERNAME}, $ENV{HTTPS_PROXY_PASSWORD});
+ ($ENV{HTTPS_PROXY}, $ENV{HTTPS_PROXY_USERNAME}, $ENV{HTTPS_PROXY_PASSWORD}) =
+ PVE::API2Tools::parse_http_proxy($proxy);
+
+ $ua->proxy(['http', 'https'], $proxy);
+ }
+ } else {
+ $ua->env_proxy;
+ }
+
logmsg ($logfh, "start download $url");
my $res = $ua->request($req, $file);
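Review bot: The `local ($ENV{HTTPS_PROXY}, $ENV{HTTPS_PROXY_USERNAME}, $ENV{HTTPS_PROXY_PASSWORD});` in the non-https `else` branch is scoped to that block, so the three variables are restored at its closing brace and are no longer set when `$ua->request($req, $file)` runs. Either those lines have no effect and can be removed, or the `local` has to move to the top of `url_get` so that it spans the request. Since the URL in this branch is not https, removing them looks like the simpler fix, though that should be confirmed against how the socket class reads those variables. The scheme test `m/^https:\/\//` is also case-sensitive; `m{^https://}i` would route `HTTPS://` URLs through the same branch. `url_get` continues past the end of the hunk.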
@@ -162,7 +181,7 @@ sub url_get {
}
sub download_aplinfo {
- my ($ua, $aplurl, $host, $logfd) = @_;
+ my ($ua, $aplurl, $host, $logfd, $proxy) = @_;
my $aplsrcurl = "$aplurl/aplinfo.dat.gz";
my $aplsigurl = "$aplurl/aplinfo.dat.asc";
@@ -173,11 +192,11 @@ sub download_aplinfo {
eval {
- if (url_get($ua, $aplsigurl, $sigfn, $logfd) != 0) {
+ if (url_get($ua, $aplsigurl, $sigfn, $logfd, $proxy) != 0) {
die "update failed - no signature file '$sigfn'\n";
}
- if (url_get($ua, $aplsrcurl, $tmpgz, $logfd) != 0) {
+ if (url_get($ua, $aplsrcurl, $tmpgz, $logfd, $proxy) != 0) {
die "update failed - no data file '$aplsrcurl'\n";
}
@@ -272,12 +291,6 @@ sub update {
my $ua = LWP::UserAgent->new;
$ua->agent("PVE/1.0");
- if ($proxy) {
- $ua->proxy(['http', 'https'], $proxy);
- } else {
- $ua->env_proxy;
- }
-
my $urls = get_apl_sources();
mkdir $aplinfodir;
@@ -287,7 +300,7 @@ sub update {
eval {
my $uri = URI->new($aplurl);
my $host = $uri->host();
- download_aplinfo($ua, $aplurl, $host, $logfd);
+ download_aplinfo($ua, $aplurl, $host, $logfd, $proxy);
};
if (my $err = $@) {
logmsg ($logfd, $err);
--
2.1.4