--- loncom/lonssl.pm	2018/12/03 03:40:39	1.20
+++ loncom/lonssl.pm	2018/12/10 17:34:22	1.21
@@ -1,5 +1,5 @@
 #
-# $Id: lonssl.pm,v 1.20 2018/12/03 03:40:39 raeburn Exp $
+# $Id: lonssl.pm,v 1.21 2018/12/10 17:34:22 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -112,11 +112,12 @@ sub SetFdBlocking {
 #               Socket	IO::Socket::INET   Original ordinary socket.
 #               CACert	string	           Full path name to the certificate 
 #                                          authority certificate file.
-#                MyCert	string	           Full path name to the certificate 
+#               MyCert	string	           Full path name to the certificate 
 #                                          issued to this host.
-#                KeyFile string    	   Full pathname to the host's private 
+#               KeyFile string    	   Full pathname to the host's private 
 #                                          key file for the certificate.
-#               peer    string             lonHostID of remote LON-CAPA server
+#               peer    string             lonid of remote LON-CAPA server
+#               peerdef string             default lonHostID of remote server
 #               CRLFile                    Full path name to the certificate
 #                                          revocation list file for the cluster
 #                                          to which server belongs (optional)
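Review bot: The new `peerdef` line in the parameter list does not say how it relates to `peer`, although later in this commit a non-empty `$peerdef` replaces `$peer` as the name the remote certificate is verified against. I would spell that out, e.g. `#               peerdef string             default lonHostID of remote server; if non-empty, used instead of peer as SSL_verifycn_name`. Since this value decides which identity is accepted, the comment should also state that it must come from trusted cluster configuration rather than from anything the remote side supplies (the source of the value is not visible here, so confirm). The comment block starts and ends outside the hunk.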
@@ -134,6 +135,7 @@ sub PromoteClientSocket {
 	$MyCert,
 	$KeyFile,
         $peer,
+        $peerdef,
         $CRLFile) = @_;
 
     Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert, CRL: $CRLFile, Remote Host: $peer\n");
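Review bot: Inserting `$peerdef` ahead of `$CRLFile` in the `@_` unpacking changes the meaning of the sixth positional argument. A caller that was not updated would pass its CRL path as `$peerdef`, which the later hunk uses as `SSL_verifycn_name`, while `$CRLFile` stays undefined and the `$CRLFile ne ''` test skips CRL checking without any error. The call sites are outside this diff, so please confirm each one was changed; appending the new parameter after `$CRLFile` would have kept old callers working. The Debug line also still reports only `$peer`; adding `, Default Host: $peerdef` would show which name is about to be verified. The sub begins and continues outside the hunk.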
@@ -158,12 +160,17 @@ sub PromoteClientSocket {
     # Set SSL_verify_mode to Net::SSLeay::VERIFY_PEER() instead of to
     # SSL_VERIFY_PEER for compatibility with IO::Socket::SSL rev. 1.01
     # used by CentOS/RHEL/Scientific Linux 5).
-    
+
+    my $verify_cn = $peerdef;
+    if ($verify_cn eq '') {
+        $verify_cn = $peer;
+    }
+
     my %sslargs = (SSL_use_cert      => 1,
                    SSL_key_file      => $KeyFile,
                    SSL_cert_file     => $MyCert,
                    SSL_ca_file       => $CACert,
-                   SSL_verifycn_name => $peer,
+                   SSL_verifycn_name => $verify_cn,
                    SSL_verify_mode   => Net::SSLeay::VERIFY_PEER());
     if (($CRLFile ne '') && (-e $CRLFile)) {
         $sslargs{SSL_check_crl} = 1;
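Review bot: The fallback at `if ($verify_cn eq '')` compares a possibly undefined `$peerdef` (any caller that omits it) and, when `$peer` is empty as well, still hands an empty `SSL_verifycn_name` to the SSL layer, so the identity to check is not pinned by this code in that case. Consider `my $verify_cn = (defined($peerdef) && $peerdef ne '') ? $peerdef : $peer;` and refusing the promotion, or at least logging, when the result is empty. No `SSL_verifycn_scheme` is visible in this hunk; if it is not set further down, it is worth confirming that the installed IO::Socket::SSL (the comment mentions rev. 1.01) actually performs the name check with these arguments. The function body, including the `if` opened on the last lines, continues past the end of the hunk.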