[pve-devel] [PATCH apiclient v2 3/3] raise exception if manual fingerprint verification failed
Thomas Lamprecht
t.lamprecht at proxmox.com
Thu Dec 14 11:12:06 CET 2017
If a fingerprint could not be verified automatically or manually
raise an exception to ensure that we do not continue with handling
the problematic or even evil response.
Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
changes v1 -> v2:
* raise the exception directly in the manual_verify_fingerprint, so
our caller does not need to do anything here. This removes also a
bug introduced by v1 where we did not checked the login response
correctly on a manual verification
PVE/APIClient/LWP.pm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/PVE/APIClient/LWP.pm b/PVE/APIClient/LWP.pm
index 81906a1..20e3b56 100755
--- a/PVE/APIClient/LWP.pm
+++ b/PVE/APIClient/LWP.pm
@@ -139,8 +139,7 @@ sub manual_verify_fingerprint {
my ($self, $fingerprint) = @_;
if (!$self->{manual_verification}) {
- warn "fingerprint: $fingerprint\n";
- return 0;
+ raise("fingerprint '$fingerprint' not verified, abort!\n");
}
print "The authenticity of host '$self->{host}' can't be established.\n" .
@@ -153,6 +152,8 @@ sub manual_verify_fingerprint {
$self->{cached_fingerprints}->{$fingerprint} = $valid;
+ raise("Fingerprint not verified, abort!\n") if !$valid;
+
if (my $cb = $self->{register_fingerprint_cb}) {
$cb->($fingerprint) if $valid;
}
--
2.11.0
More information about the pve-devel
mailing list