
Commit 5255fda

author
Nathan Sullivan
committed
Merge branch 'x86-master'
2 parents eb0ece3 + 55ab497 commit 5255fda


1 file changed

+21
-9
lines changed


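--- a/pve2_api.class.php
+++ b/pve2_api.class.php
@@ -33,12 +33,13 @@ class PVE2_API {
 protected $realm;
 protected $password;
 protected $port;
+protected $verify_ssl;
 
 protected $login_ticket = null;
 protected $login_ticket_timestamp = null;
 protected $cluster_node_list = null;
 
-public function __construct ($hostname, $username, $realm, $password, $port = 8006) {
+public function __construct ($hostname, $username, $realm, $password, $port = 8006, $verify_ssl = false) {
 if (empty($hostname) || empty($username) || empty($realm) || empty($password) || empty($port)) {
 throw new PVE2_Exception("Hostname/Username/Realm/Password/Port required for PVE2_API object constructor.", 1);
 }
@@ -50,12 +51,17 @@ public function __construct ($hostname, $username, $realm, $password, $port = 80
 if (!is_int($port) || $port < 1 || $port > 65535) {
 throw new PVE2_Exception("Port must be an integer between 1 and 65535.", 6);
 }
+// Check that verify_ssl is boolean.
+if (!is_bool($verify_ssl)) {
+throw new PVE2_Exception("verify_ssl must be boolean.", 7);
+}
 
-$this->hostname = $hostname;
-$this->username = $username;
-$this->realm = $realm;
-$this->password = $password;
-$this->port = $port;
+$this->hostname = $hostname;
+$this->username = $username;
+$this->realm = $realm;
+$this->password = $password;
+$this->port = $port;
+$this->verify_ssl = $verify_ssl;
 }
 
 /*
@@ -78,7 +84,7 @@ public function login () {
 curl_setopt($prox_ch, CURLOPT_POST, true);
 curl_setopt($prox_ch, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($prox_ch, CURLOPT_POSTFIELDS, $login_postfields_string);
-curl_setopt($prox_ch, CURLOPT_SSL_VERIFYPEER, false);
+curl_setopt($prox_ch, CURLOPT_SSL_VERIFYPEER, $this->verify_ssl);
 
 $login_ticket = curl_exec($prox_ch);
 $login_request_info = curl_getinfo($prox_ch);
@@ -87,13 +93,19 @@ public function login () {
 unset($prox_ch);
 unset($login_postfields_string);
 
+if (!$login_ticket) {
+// SSL negotiation failed or connection timed out
+$this->login_ticket_timestamp = null;
+return false;
+}
+
 $login_ticket_data = json_decode($login_ticket, true);
-if ($login_ticket_data == null) {
+if ($login_ticket_data == null || $login_ticket_data['data'] == null) {
 // Login failed.
 // Just to be safe, set this to null again.
 $this->login_ticket_timestamp = null;
 if ($login_request_info['ssl_verify_result'] == 1) {
-throw new PVE2_Exception("Invalid SSL cert on {$this->hostname} - check that the hostname is correct, and that it appears in the server certificate's SAN list.", 4);
+throw new PVE2_Exception("Invalid SSL cert on {$this->hostname} - check that the hostname is correct, and that it appears in the server certificate's SAN list. Alternatively set the verify_ssl flag to false if you are using internal self-signed certs (ensure you are aware of the security risks before doing so).", 4);
 }
 return false;
 } else {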
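Review bot: The constructor's new `$verify_ssl = false` default leaves certificate verification off for every caller that does not opt in, so the login POST in login() still sends the username and password over a TLS session whose peer is not authenticated; defaulting to `$verify_ssl = true` and letting self-signed deployments pass `false` explicitly would make the safe path the default. When verification is enabled and the certificate is rejected, `curl_exec` returns false, so the added `if (!$login_ticket)` branch returns false before the `ssl_verify_result` check is reached and the "Invalid SSL cert" exception (code 4) is not raised for that case. Consider testing `$login_request_info['ssl_verify_result'] != 0` inside that branch, or capturing `curl_errno($prox_ch)` before the handle is unset, and throwing there so callers can tell a TLS failure from a timeout. Only `CURLOPT_SSL_VERIFYPEER` changes in the visible lines of login(), whose body starts and ends outside these hunks, so any other curl calls in the class should be checked for a remaining hard-coded `false`.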
