From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 7A3F5696DF for ; Tue, 27 Jul 2021 07:51:38 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 63C2A161F2 for ; Tue, 27 Jul 2021 07:51:08 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 32143161E6 for ; Tue, 27 Jul 2021 07:51:07 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id EF9874069E for ; Tue, 27 Jul 2021 07:51:06 +0200 (CEST) From: Dominik Csapak To: pve-devel@lists.proxmox.com Date: Tue, 27 Jul 2021 07:51:05 +0200 Message-Id: <20210727055105.276923-1-d.csapak@proxmox.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.503 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [influxdb.pm] Subject: [pve-devel] [PATCH manager] Status/InfluxDB: add 'ssl-verify' option to disable ssl verification X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jul 2021 05:51:38 -0000 Makes it easier to test https without creating a valid certificate or adding a ca to the ca-certificate store. Signed-off-by: Dominik Csapak --- PVE/Status/InfluxDB.pm | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/PVE/Status/InfluxDB.pm b/PVE/Status/InfluxDB.pm index fcb28800..6f0f8da6 100644 --- a/PVE/Status/InfluxDB.pm +++ b/PVE/Status/InfluxDB.pm @@ -55,7 +55,13 @@ sub properties { type => 'integer', minimum => 1, default => 25_000_000, - } + }, + 'ssl-verify' => { + description => "Set to 0 to disable ssl verification for https endpoints.", + type => 'boolean', + optional => 1, + default => 1, + }, }; } sub options { @@ -71,6 +77,7 @@ sub options { timeout => { optional => 1}, 'max-body-size' => { optional => 1 }, 'api-path-prefix' => { optional => 1 }, + 'ssl-verify' => { optional => 1 }, }; } @@ -141,10 +148,17 @@ sub send { my ($class, $connection, $data, $cfg) = @_; my $proto = $cfg->{influxdbproto} // 'udp'; + my $ssl_verify = $cfg->{'ssl-verify'} // 1; if ($proto eq 'udp') { return $class->SUPER::send($connection, $data, $cfg); } elsif ($proto =~ m/^https?$/) { my $ua = LWP::UserAgent->new(); + if (!$ssl_verify) { + $ua->ssl_opts( + verify_hostname => 0, + SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE, + ); + } $ua->timeout($cfg->{timeout} // 1); $connection->content($data); my $response = $ua->request($connection); @@ -223,11 +237,18 @@ sub test_connection { my ($class, $cfg, $id) = @_; my $proto = $cfg->{influxdbproto} // 'udp'; + my $ssl_verify = $cfg->{'ssl-verify'} // 1; if ($proto eq 'udp') { return $class->SUPER::test_connection($cfg, $id); } elsif ($proto =~ m/^https?$/) { my $url = _get_v2url($cfg, "health"); my $ua = LWP::UserAgent->new(); + if (!$ssl_verify) { + $ua->ssl_opts( + verify_hostname => 0, + SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE, + ); + } $ua->timeout($cfg->{timeout} // 1); # in the initial add connection test, the token may still be in $cfg my $token = $cfg->{token} // get_credentials($id, 1); -- 2.30.2