| Message ID | 20220203111613.13632-7-stefan.schantl@ipfire.org |
|---|---|
| State | Accepted |
| Commit | 954dbdadcf0915c3f0f31bee818b99d3d1843ae9 |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4JqGMX4r76z3wp0 for <patchwork@web04.haj.ipfire.org>; Thu, 3 Feb 2022 11:16:40 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4JqGMJ1w0Bz2KY; Thu, 3 Feb 2022 11:16:28 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4JqGMJ26pvz30JB; Thu, 3 Feb 2022 11:16:28 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4JqGMH0516z2xFK for <development@lists.ipfire.org>; Thu, 3 Feb 2022 11:16:27 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4JqGMD26Mbz4nW; Thu, 3 Feb 2022 11:16:24 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1643886984; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=C3OTNbSPLxmlCphwXjYJHIrGXyGfukqxq7XP+okFJtk=; b=qFIVoc4XdUxljB1ljsWyMkBJRABf4oPGBD5S0c3Kdwquo8k/7PdMiXRcu1KdR/GM0rju5E wTyse8JwfVGjwMDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1643886984; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=C3OTNbSPLxmlCphwXjYJHIrGXyGfukqxq7XP+okFJtk=; b=deurUON4RkY2Zhx2n3H/ksrlTO9msm8dTeCunM/ggsCqrkg5Qe7/b/82Pm82/bYhJYmqb8 yANbpv8NhSkcH0iSx6T9a+fsaeFOTtaWlGoSF4RebCgZ6OhvUPO/203LJ/A+60YHLpo5JA p7Sbj/+g442MjD/Sq6itSQvMlAj3LdUKOjn/dJQkC7G9fkGTrx5JClzzKRhcz/uFU57xwX Mb2ivPE5quwWhOY+0ys3DnzACSpLhBYd9EHDA62iUHiOdw+4weV7EPXKH8Dnfq1LffBaSg xXWGas0jVU8KgsxkKxI1KAzgZd/zODAXdom6xYZivAGyDWZu2nBOjUL3z9WLNw== From: Stefan Schantl <stefan.schantl@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH 7/8] ids-functions.pl: Adjust code to deal with new LWP::UserAgent. Date: Thu, 3 Feb 2022 12:16:12 +0100 Message-Id: <20220203111613.13632-7-stefan.schantl@ipfire.org> In-Reply-To: <20220203111613.13632-1-stefan.schantl@ipfire.org> References: <20220203111613.13632-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
[1/8] perl-Try-Tiny: New package.
|
|
Commit Message
Stefan Schantl
Feb. 3, 2022, 11:16 a.m. UTC
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
config/cfgroot/ids-functions.pl | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
Comments
Interesting to see this requires certificate validation to be actively enabled. I wonder how many Perl projects using LWP are vulnerable to TLS interception by self-signed/untrusted certificates... :-/ Reviewed-by: Peter Müller <peter.mueller@ipfire.org> > Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> > --- > config/cfgroot/ids-functions.pl | 10 +++++++++- > 1 file changed, 9 insertions(+), 1 deletion(-) > > diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl > index 74d55def6..bf02bcbaa 100644 > --- a/config/cfgroot/ids-functions.pl > +++ b/config/cfgroot/ids-functions.pl > @@ -281,7 +281,15 @@ sub downloadruleset ($) { > use LWP::UserAgent; > > # Init the download module. > - my $downloader = LWP::UserAgent->new; > + # > + # Request SSL hostname verification and specify path > + # to the CA file. > + my $downloader = LWP::UserAgent->new( > + ssl_opts => { > + SSL_ca_file => '/etc/ssl/cert.pem', > + verify_hostname => 1, > + } > + ); > > # Set timeout to 10 seconds. > $downloader->timeout(10);
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> On 03/02/2022 12:16, Stefan Schantl wrote: > Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> > --- > config/cfgroot/ids-functions.pl | 10 +++++++++- > 1 file changed, 9 insertions(+), 1 deletion(-) > > diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl > index 74d55def6..bf02bcbaa 100644 > --- a/config/cfgroot/ids-functions.pl > +++ b/config/cfgroot/ids-functions.pl > @@ -281,7 +281,15 @@ sub downloadruleset ($) { > use LWP::UserAgent; > > # Init the download module. > - my $downloader = LWP::UserAgent->new; > + # > + # Request SSL hostname verification and specify path > + # to the CA file. > + my $downloader = LWP::UserAgent->new( > + ssl_opts => { > + SSL_ca_file => '/etc/ssl/cert.pem', > + verify_hostname => 1, > + } > + ); > > # Set timeout to 10 seconds. > $downloader->timeout(10);
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index 74d55def6..bf02bcbaa 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -281,7 +281,15 @@ sub downloadruleset ($) { use LWP::UserAgent; # Init the download module. - my $downloader = LWP::UserAgent->new; + # + # Request SSL hostname verification and specify path + # to the CA file. + my $downloader = LWP::UserAgent->new( + ssl_opts => { + SSL_ca_file => '/etc/ssl/cert.pem', + verify_hostname => 1, + } + ); # Set timeout to 10 seconds. $downloader->timeout(10);