verify results from the CPAN

verify

Apache-Session-Browseable

view release on metacpan or search on metacpan

lib/Apache/Session/Browseable/Patroni.pm view on Meta::CPAN

=item * C<PatroniVerifySSL> (default: 1)

Set to 0 to disable SSL certificate verification. B<Warning>: This makes
HTTPS connections vulnerable to MITM attacks. Only use in development or
when you have other network-level protections.

  PatroniVerifySSL => 0,  # INSECURE - disable SSL verification

=item * C<PatroniSSLCAFile>

Path to a custom CA certificate file (PEM format) for verifying the Patroni
API server certificate.

  PatroniSSLCAFile => '/etc/ssl/certs/patroni-ca.pem',

=item * C<PatroniSSLCAPath>

Path to a directory containing CA certificates for verification.

  PatroniSSLCAPath => '/etc/ssl/certs/',

lib/Apache/Session/Browseable/Store/LDAP.pm view on Meta::CPAN

    }

    # Compatibility
    my $caFile = $self->{args}->{ldapCAFile} || $self->{args}->{caFile};
    my $caPath = $self->{args}->{ldapCAPath} || $self->{args}->{caPath};

    # Connect
    my $ldap = Net::LDAP->new(
        \@servers,
        onerror => undef,
        verify  => $self->{args}->{ldapVerify} || "require",
        ( $caFile ? ( cafile => $caFile ) : () ),
        ( $caPath ? ( capath => $caPath ) : () ),

        (
            $self->{args}->{ldapRaw} ? ( raw => $self->{args}->{ldapRaw} )
            : ()
        ),
        (
            $self->{args}->{ldapPort} ? ( port => $self->{args}->{ldapPort} )
            : ()

lib/Apache/Session/Browseable/Store/LDAP.pm view on Meta::CPAN

        if (    $ldap->socket->isa('IO::Socket::SSL')
            and $ldap->socket->errstr < 0 )
        {
            die( "SSL connection error: " . $ldap->socket->errstr );
        }
    }

    # Start TLS if needed
    if ($useTls) {
        my %h = split( /[&=]/, $tlsParam );
        $h{verify} ||= ( $self->{args}->{ldapVerify} || "require" );
        $h{cafile} ||= $caFile if ($caFile);
        $h{capath} ||= $caPath if ($caPath);
        my $start_tls = $ldap->start_tls(%h);
        if ( $start_tls->code ) {
            $self->logError($start_tls);
            return;
        }
    }

    # Bind with credentials

lib/Apache/Session/Browseable/Store/Patroni.pm view on Meta::CPAN

        # Circuit breaker active, try cached leader as fallback
        return $self->_useCachedLeader( $args, $originalDataSource,
            "Circuit breaker active" );
    }

    require JSON;
    require LWP::UserAgent;
    require IO::Socket::SSL;

    # SSL verification: secure by default, can be disabled with PatroniVerifySSL => 0
    my $verify_ssl = $args->{PatroniVerifySSL} // 1;
    my %ssl_opts;
    if ($verify_ssl) {
        %ssl_opts = (
            verify_hostname => 1,
            SSL_verify_mode => &IO::Socket::SSL::SSL_VERIFY_PEER,
            ( $args->{PatroniSSLCAFile} ? ( SSL_ca_file => $args->{PatroniSSLCAFile} ) : () ),
            ( $args->{PatroniSSLCAPath} ? ( SSL_ca_path => $args->{PatroniSSLCAPath} ) : () ),
        );
    }
    else {
        %ssl_opts = (
            verify_hostname => 0,
            SSL_verify_mode => &IO::Socket::SSL::SSL_VERIFY_NONE,
        );
    }

    my $ua = LWP::UserAgent->new(
        env_proxy => 1,
        ssl_opts  => \%ssl_opts,
        timeout   => $args->{PatroniTimeout} || 3,
    );
    my $res;

( run in 3.298 seconds using v1.01-cache-2.11-cpan-63c85eba8c4 )