fix(xen-api): accept TLSv1 which is used by XenServer 6.5 (#4837)

Fixes xoa-support#2216
This commit is contained in:
Julien Fontanet 2020-03-02 17:35:55 +01:00 committed by GitHub
parent 59fddf7c59
commit 2a7f8c5229
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 15 additions and 9 deletions

View File

@ -12,6 +12,7 @@
> Users must be able to say: “I had this issue, happy to know it's fixed”
- [Backup reports] Fix backup report not sent in case of interrupted backup job (PR [#4772](https://github.com/vatesfr/xen-orchestra/pull/4772))
- Fix TLS error (`unsupported protocol`) with XenServer <= 6.5 and Node >= 12 (PR [#8437](https://github.com/vatesfr/xen-orchestra/pull/8437))
### Released packages

View File

@ -777,7 +777,10 @@ export class Xapi extends EventEmitter {
_setUrl(url) {
this._humanId = `${this._auth.user}@${url.hostname}`
this._transport = autoTransport({
allowUnauthorized: this._allowUnauthorized,
secureOptions: {
minVersion: 'TLSv1',
rejectUnauthorized: !this._allowUnauthorized,
},
url,
})
this._url = url

View File

@ -6,11 +6,11 @@ import XapiError from '../_XapiError'
import UnsupportedTransport from './_UnsupportedTransport'
// https://github.com/xenserver/xenadmin/blob/0df39a9d83cd82713f32d24704852a0fd57b8a64/XenModel/XenAPI/Session.cs#L403-L433
export default ({ allowUnauthorized, url }) => {
export default ({ secureOptions, url }) => {
return (method, args) =>
httpRequestPlus
.post(url, {
rejectUnauthorized: !allowUnauthorized,
...secureOptions,
body: format.request(0, method, args),
headers: {
Accept: 'application/json',

View File

@ -74,12 +74,13 @@ const parseResult = result => {
throw new UnsupportedTransport()
}
export default ({ allowUnauthorized, url: { hostname, port, protocol } }) => {
const client = (protocol === 'https:' ? createSecureClient : createClient)({
export default ({ secureOptions, url: { hostname, port, protocol } }) => {
const secure = protocol === 'https:'
const client = (secure ? createSecureClient : createClient)({
...(secure ? secureOptions : undefined),
host: hostname,
path: '/json',
port,
rejectUnauthorized: !allowUnauthorized,
})
const call = promisify(client.methodCall, client)

View File

@ -34,11 +34,12 @@ const parseResult = result => {
return result.Value
}
export default ({ allowUnauthorized, url: { hostname, port, protocol } }) => {
const client = (protocol === 'https:' ? createSecureClient : createClient)({
export default ({ secureOptions, url: { hostname, port, protocol } }) => {
const secure = protocol === 'https:'
const client = (secure ? createSecureClient : createClient)({
...(secure ? secureOptions : undefined),
host: hostname,
port,
rejectUnauthorized: !allowUnauthorized,
})
const call = promisify(client.methodCall, client)