summaryrefslogtreecommitdiffstats
path: root/lib/puppet/network/xmlrpc/client.rb
diff options
context:
space:
mode:
authorJeffrey J McCune <jeff@northstarlabs.net>2007-11-29 09:29:08 -0500
committerJeffrey J McCune <jeff@northstarlabs.net>2007-11-29 09:29:08 -0500
commitf94d6d3394dd0fa9ecf06b727cb7234fede7c960 (patch)
tree2125377ca163ad4c1da1a10dd1b2756c29fb8cef /lib/puppet/network/xmlrpc/client.rb
parent8eecbe54c96cec0de492e7ae77211637b65057e8 (diff)
downloadpuppet-f94d6d3394dd0fa9ecf06b727cb7234fede7c960.tar.gz
puppet-f94d6d3394dd0fa9ecf06b727cb7234fede7c960.tar.xz
puppet-f94d6d3394dd0fa9ecf06b727cb7234fede7c960.zip
As per lutter; augmented fix for #896 to be configurable and defaulting to validate the server certificate, honoring CVE-2007-5162.
Diffstat (limited to 'lib/puppet/network/xmlrpc/client.rb')
-rw-r--r--lib/puppet/network/xmlrpc/client.rb7
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/puppet/network/xmlrpc/client.rb b/lib/puppet/network/xmlrpc/client.rb
index 371648b61..5283daf5f 100644
--- a/lib/puppet/network/xmlrpc/client.rb
+++ b/lib/puppet/network/xmlrpc/client.rb
@@ -49,6 +49,12 @@ module Puppet::Network
@http.use_ssl = true
@http.read_timeout = 120
@http.open_timeout = 120
+ # JJM Configurable fix for #896.
+ if Puppet[:http_enable_post_connection_check]
+ @http.enable_post_connection_check = true
+ else
+ @http.enable_post_connection_check = false
+ end
@@http_cache[key] = @http if Puppet[:http_keepalive]
@@ -147,7 +153,6 @@ module Puppet::Network
@http.cert = client.cert
@http.verify_mode = OpenSSL::SSL::VERIFY_PEER
@http.key = client.key
- @http.enable_post_connection_check = false
end
end
generated by cgit (git 2.34.1) at 2024-11-12 11:41:10 +0000