fix(xen-api): accept TLSv1 which is used by XenServer 6.5 (#4837)

Fixes xoa-support#2216
2020-03-02 17:35:55 +01:00 · 2020-03-02 17:35:55 +01:00 · 2a7f8c5229
commit 2a7f8c5229
parent 59fddf7c59
5 changed files with 15 additions and 9 deletions
--- a/CHANGELOG.unreleased.md
+++ b/CHANGELOG.unreleased.md
@ -12,6 +12,7 @@
 > Users must be able to say: “I had this issue, happy to know it's fixed”

 - [Backup reports] Fix backup report not sent in case of interrupted backup job (PR [#4772](https://github.com/vatesfr/xen-orchestra/pull/4772))
+- Fix TLS error (`unsupported protocol`) with XenServer <= 6.5 and Node >= 12 (PR [#8437](https://github.com/vatesfr/xen-orchestra/pull/8437))

 ### Released packages

--- a/packages/xen-api/src/index.js
+++ b/packages/xen-api/src/index.js
@ -777,7 +777,10 @@ export class Xapi extends EventEmitter {
  _setUrl(url) {
    this._humanId = `${this._auth.user}@${url.hostname}`
    this._transport = autoTransport({
-      allowUnauthorized: this._allowUnauthorized,
+      secureOptions: {
+        minVersion: 'TLSv1',
+        rejectUnauthorized: !this._allowUnauthorized,
+      },
      url,
    })
    this._url = url
--- a/packages/xen-api/src/transports/json-rpc.js
+++ b/packages/xen-api/src/transports/json-rpc.js
@ -6,11 +6,11 @@ import XapiError from '../_XapiError'
 import UnsupportedTransport from './_UnsupportedTransport'

 // https://github.com/xenserver/xenadmin/blob/0df39a9d83cd82713f32d24704852a0fd57b8a64/XenModel/XenAPI/Session.cs#L403-L433
-export default ({ allowUnauthorized, url }) => {
+export default ({ secureOptions, url }) => {
  return (method, args) =>
    httpRequestPlus
      .post(url, {
-        rejectUnauthorized: !allowUnauthorized,
+        ...secureOptions,
        body: format.request(0, method, args),
        headers: {
          Accept: 'application/json',
--- a/packages/xen-api/src/transports/xml-rpc-json.js
+++ b/packages/xen-api/src/transports/xml-rpc-json.js
@ -74,12 +74,13 @@ const parseResult = result => {
  throw new UnsupportedTransport()
 }

-export default ({ allowUnauthorized, url: { hostname, port, protocol } }) => {
-  const client = (protocol === 'https:' ? createSecureClient : createClient)({
+export default ({ secureOptions, url: { hostname, port, protocol } }) => {
+  const secure = protocol === 'https:'
+  const client = (secure ? createSecureClient : createClient)({
+    ...(secure ? secureOptions : undefined),
    host: hostname,
    path: '/json',
    port,
-    rejectUnauthorized: !allowUnauthorized,
  })
  const call = promisify(client.methodCall, client)

--- a/packages/xen-api/src/transports/xml-rpc.js
+++ b/packages/xen-api/src/transports/xml-rpc.js
@ -34,11 +34,12 @@ const parseResult = result => {
  return result.Value
 }

-export default ({ allowUnauthorized, url: { hostname, port, protocol } }) => {
-  const client = (protocol === 'https:' ? createSecureClient : createClient)({
+export default ({ secureOptions, url: { hostname, port, protocol } }) => {
+  const secure = protocol === 'https:'
+  const client = (secure ? createSecureClient : createClient)({
+    ...(secure ? secureOptions : undefined),
    host: hostname,
    port,
-    rejectUnauthorized: !allowUnauthorized,
  })
  const call = promisify(client.methodCall, client)