Hi,

The attached patch adds support for the cafile and verify_peer options
in the configuration file. These let you set a CA certificate and/or
disable certificate verification per list.

-- 
Marius Halden
diff -ur orig/listadmin patched/listadmin
--- orig/listadmin	2015-11-22 20:36:34.409423773 +0100
+++ patched/listadmin	2015-11-22 20:43:19.920715270 +0100
@@ -25,6 +25,7 @@
 use Encode; # appeared in perl 5.7.1
 use strict;
 use English;
+use IO::Socket::SSL;
 
 my $rc = $ENV{"HOME"}."/.listadmin.ini";
 
@@ -93,6 +94,9 @@
 my $term;
 my $term_encoding = langinfo(CODESET());
 
+my $default_ssl_cafile = $ua->ssl_opts("SSL_ca_file");
+my $default_ssl_verify = IO::Socket::SSL::SSL_VERIFY_PEER; # This is the default for clients
+
 # the C and POSIX locale in Solaris uses the charset "646", but Perl
 # doesn't support it.
 $term_encoding = "ascii" if $term_encoding eq "646";
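Review bot: The value captured in `$default_ssl_cafile` depends on state this hunk does not show: `$ua` must already be constructed above this line, and `ssl_opts("SSL_ca_file")` presumably returns undef unless a CA file was configured beforehand (for example through the environment). That value is later written back with `$ua->ssl_opts("SSL_ca_file" => ...)` for every list, so it is worth confirming that the installed LWP treats undef as "no explicit CA file" rather than as a setting of its own. A comment would record the intent, e.g. `# may be undef: no explicit CA file, fall back to the library's default trust store`. The trailing comment on `$default_ssl_verify` could also say that this is the value `verify_peer yes` restores.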
@@ -131,10 +135,18 @@
 
 my $subscribe_result;
 if (@opt_add_member) {
+    $ua->ssl_opts("SSL_ca_file" => $config->{$list}->{"cafile"});
+    $ua->ssl_opts("verify_hostname" => $config->{$list}->{"verify_hostname"});
+    $ua->ssl_opts("SSL_verify_mode" => $config->{$list}->{"verify_peer"});
+
     $subscribe_result = add_subscribers($list, $config->{$list}, $opt_mail,
 					@opt_add_member);
 }
 if (@opt_remove_member) {
+    $ua->ssl_opts("SSL_ca_file" => $config->{$list}->{"cafile"});
+    $ua->ssl_opts("verify_hostname" => $config->{$list}->{"verify_hostname"});
+    $ua->ssl_opts("SSL_verify_mode" => $config->{$list}->{"verify_peer"});
+
     $subscribe_result = remove_subscribers($list, $config->{$list},
 					   @opt_remove_member);
 }
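Review bot: The three `$ua->ssl_opts(...)` calls are pasted into both branches here and again in the `defined $opt_l` branch and the per-list loop in the next two hunks. Any later change to the TLS settings then has to be made in four places, and a missed copy would leave one code path running with the previous list's verification settings on the shared `$ua`. A single helper called from each site keeps them in step and gives one place to document that the settings are per list.

```perl
# Apply one list's TLS settings to the shared user agent before any request.
sub apply_ssl_opts {
    my ($list_conf) = @_;
    $ua->ssl_opts("SSL_ca_file" => $list_conf->{"cafile"});
    $ua->ssl_opts("verify_hostname" => $list_conf->{"verify_hostname"});
    $ua->ssl_opts("SSL_verify_mode" => $list_conf->{"verify_peer"});
}

if (@opt_add_member) {
    apply_ssl_opts($config->{$list});
    # … unchanged: add_subscribers call …
}
if (@opt_remove_member) {
    apply_ssl_opts($config->{$list});
    # … unchanged: remove_subscribers call …
}
```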
@@ -150,6 +162,10 @@
     }
 }
 if (defined $opt_l) {
+    $ua->ssl_opts("SSL_ca_file" => $config->{$list}->{"cafile"});
+    $ua->ssl_opts("verify_hostname" => $config->{$list}->{"verify_hostname"});
+    $ua->ssl_opts("SSL_verify_mode" => $config->{$list}->{"verify_peer"});
+
     my @subscribers = list_subscribers($list, $config->{$list});
     print join("\n", @subscribers, "");
     exit(@subscribers == 0);
@@ -163,6 +179,10 @@
     my $user = $config->{$list}{"user"};
     my $pw = $config->{$list}{"password"} || "";
 
+    $ua->ssl_opts("SSL_ca_file" => $config->{$list}->{"cafile"});
+    $ua->ssl_opts("verify_hostname" => $config->{$list}->{"verify_hostname"});
+    $ua->ssl_opts("SSL_verify_mode" => $config->{$list}->{"verify_peer"});
+
     if (time > $time_limit) {
 	print "Time's up, skipping the remaining lists\n";
 	last;
@@ -1408,6 +1428,9 @@
     $cur{user} = $cur{password} = $cur{action} = $cur{default} = "";
     $cur{confirm} = 1;
     $cur{unprintable} = "questionmark";
+    $cur{cafile} = $default_ssl_cafile;
+    $cur{verify_peer} = $default_ssl_verify;
+    $cur{verify_hostname} = 1;
 
     my $conf = {};
     my $line = "";
@@ -1519,6 +1542,23 @@
 			"unprintable characters: '$cur{unprintable}'\n";
 		exit 1;
 	    }
+	} elsif ($line =~ /^cafile\s+/i) {
+	    $cur{cafile} = unquote($POSTMATCH);
+	    $cur{cafile} = $default_ssl_cafile
+		    if $cur{cafile} eq "NONE";
+	} elsif ($line =~ /^verify_peer\s+/i) {
+	    my $value = unquote($POSTMATCH);
+	    if ($value eq "no") {
+            $cur{verify_peer} = IO::Socket::SSL::SSL_VERIFY_NONE;
+            $cur{verify_hostname} = 0;
+	    } elsif ($value eq "yes") {
+            $cur{verify_peer} = $default_ssl_verify;
+            $cur{verify_hostname} = 1;
+	    } else {
+            print STDERR "$file:$lineno: Illegal value: '$value\n";
+            print STDERR "choose one of yes or no\n";
+            exit 1;
+	    }
 	} else {
 	    print STDERR "$file:$lineno: Syntax error: '$line'\n";
 	    exit 1;
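Review bot: `verify_peer no` switches off both chain validation (`SSL_VERIFY_NONE`) and hostname checking, and because the value is kept in `%cur` it stays in effect for every list that follows in the file until an explicit `verify_peer yes`. Nothing at run time tells the user that a list is being contacted without verification, and the list password read in the per-list loop is presumably sent over that same connection. A warning in the `no` branch would make the downgrade visible, e.g. `print STDERR "$file:$lineno: warning: certificate verification disabled for the lists that follow\n";`. The error message in the `else` branch also has an unbalanced quote and should read `"$file:$lineno: Illegal value: '$value'\n"`. The enclosing config-parsing code starts and ends outside this hunk.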
diff -ur orig/listadmin.1 patched/listadmin.1
--- orig/listadmin.1	2010-04-09 23:59:52.000000000 +0200
+++ patched/listadmin.1	2015-11-22 20:34:07.362043314 +0100
@@ -173,6 +173,13 @@
 to avoid clearing the list of meta members when manipulating the list
 of ordinary members.  \fINote: Requires additional Perl module
 WWW::Mechanize\fP
+.IP "cafile \fI/path/to/CAcertificate\fP"
+Specify which CA certificate to use for all lists following. Setting
+cafile to NONE will use the default cafile.
+.IP "verify_peer \fIyes|no\fP"
+If set to no SSL certificate verification will be disabled for all lists
+following.
+
 
 \" "dumpdir" is for developer use, so it isn't documented.
 
