TT#49255 Enable all ssl checkings for the ZTP RPC calls

It works well now for Panasonic, Polycom, Yealink Snom works (403 response) if change current host provisioning.snom.com to secure-provisioning.snom.com Without this change we need to disable name checking, and then the same get 403 response code with short html description (so, ssl works). Change-Id: I1743d2dcb33557a7cf9898aef56f00074b9141a2
7 years ago · 99e1d60ee6
parent 0a5e2dfcb1
commit 99e1d60ee6
2 changed files with 24 additions and 4 deletions
--- a/lib/NGCP/Panel/Utils/DeviceBootstrap.pm
+++ b/lib/NGCP/Panel/Utils/DeviceBootstrap.pm
@ -66,6 +66,7 @@ sub _dispatch{
    }
    return $err;
 }
+
 sub get_devmod_params{
    my($c, $devmod) = @_;

@ -91,6 +92,7 @@ sub get_devmod_params{
        redirect_uri => $devmod->bootstrap_uri,
        redirect_params => $sync_params,
        credentials => $vcredentials,
+        vendor => $devmod->vendor,
    };
    return $params;
 }
--- a/lib/NGCP/Panel/Utils/DeviceBootstrap/VendorRPC.pm
+++ b/lib/NGCP/Panel/Utils/DeviceBootstrap/VendorRPC.pm
@ -44,12 +44,30 @@ has '_ua' => (
    default => sub {
        my $self = shift;

-        my $cfg = $self->rpc_server_params;
-
+        my $c = $self->params->{c};
+        my $vendor = lc($self->params->{vendor} // '');
+        my ($verify_ssl, $verify_ssl_hostname) = (1,1);
+        if ($c && $vendor) {
+            
+            my $autoprov_config = $c->config->{deviceprovisioning};
+            if (ref $autoprov_config eq 'HASH') {
+                if ($autoprov_config->{skip_vendor_ssl_verify}) {
+                    if (grep {$_ eq $vendor} split(/\W+/, lc($autoprov_config->{skip_vendor_ssl_verify}))) {
+                        $verify_ssl = 0;
+                    }
+                }
+                if ($autoprov_config->{skip_vendor_ssl_verify_hostname}) {
+                    if (grep {$_ eq $vendor} split(/\W+/, lc($autoprov_config->{skip_vendor_ssl_verify_hostname}))) {
+                        $verify_ssl_hostname = 0;
+                    }
+                }
+            }
+            $c->log->debug("vendor: $vendor; verify_ssl: $verify_ssl; verify_ssl_hostname: $verify_ssl_hostname;");
+        }
        my $ua = LWP::UserAgent->new(keep_alive => 1);
        $ua->ssl_opts(
-            verify_hostname => 0,
-            SSL_verify_mode => 0,
+            SSL_verify_mode => $verify_ssl,
+            verify_hostname => $verify_ssl_hostname,
        );
        return $ua;
    }