[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-API] [PATCH] add primitive SSL cert verification
# HG changeset patch # User David Scott <dave.scott@xxxxxxxxxxxxx> # Date 1261493243 0 # Node ID 2680884fb5c9752e32bc40cc0644ac6015823770 # Parent 7e4670b5a046dd914812272b81f9d8be55e5aa00 CA-36092: Modifying Stunnel.connect's verify_cert argument to be tri-state. The values are: Some true -> do verification Some false -> don't do verification None -> do verification if the file /var/xapi/verify_certificates exists Signed-off-by: Magnus Therning <magnus.therning@xxxxxxxxxxxxx> Acked-by: David Scott <dave.scott@xxxxxxxxxxxxx> diff -r 7e4670b5a046 -r 2680884fb5c9 stunnel/stunnel.ml --- a/stunnel/stunnel.ml Tue Dec 22 11:37:00 2009 +0000 +++ b/stunnel/stunnel.ml Tue Dec 22 14:47:23 2009 +0000 @@ -23,6 +23,7 @@ let certificate_path = "/etc/stunnel/certs" let crl_path = "/etc/stunnel/crls" +let verify_certificates_ctrl = "/var/xapi/verify_certificates" let use_new_stunnel = ref false let new_stunnel_path = "/usr/sbin/stunnelng" @@ -265,10 +266,20 @@ @param extended_diagnosis If true, the stunnel log file will not be deleted. Instead, it is the caller's responsibility to delete it. This allows the caller to use diagnose_failure below if stunnel fails. *) -let connect ?unique_id ?use_external_fd_wrapper ?write_to_log - ?(verify_cert=false) ?(extended_diagnosis=false) host port = - let connect = if !use_new_stunnel then attempt_one_connect_new else attempt_one_connect in - retry (fun () -> connect ?unique_id ?use_external_fd_wrapper ?write_to_log verify_cert extended_diagnosis host port) 5 +let connect + ?unique_id + ?use_external_fd_wrapper + ?write_to_log + ?verify_cert + ?(extended_diagnosis=false) + host + port = + let connect = if !use_new_stunnel then attempt_one_connect_new else attempt_one_connect in + let _verify_cert = match verify_cert with + | Some x -> x + | None -> Sys.file_exists verify_certificates_ctrl + in + retry (fun () -> connect ?unique_id ?use_external_fd_wrapper ?write_to_log _verify_cert extended_diagnosis host port) 5 let sub_after i s = let len = String.length s in 1 file changed, 15 insertions(+), 4 deletions(-) stunnel/stunnel.ml | 19 +++++++++++++++---- Attachment:
add_verification.patch _______________________________________________ xen-api mailing list xen-api@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/mailman/listinfo/xen-api
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |