HEX
Server: Apache
System: Linux dinesh8189 5.15.98-grsec-sharedvalley-2.lc.el8.x86_64 #1 SMP Thu Mar 9 09:07:30 -03 2023 x86_64
User: cgmgerenciamento1 (814285)
PHP: 8.1.26
Disabled: apache_child_terminate,dl,escapeshellarg,escapeshellcmd,exec,link,mail,openlog,passthru,pcntl_alarm,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_wait,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,php_check_syntax,php_strip_whitespace,popen,proc_close,proc_open,shell_exec,symlink,system
$ pwd: /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/
Upload Files
File: //opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/ssl.rb
require 'puppet/ssl/openssl_loader'

##
# SSL is a private module with class methods that help work with x.509
# subjects and errors.
#
# @api private
module Puppet::Util::SSL

  @@dn_parsers = nil
  @@no_name = nil

  # Given a DN string, parse it into an OpenSSL certificate subject.  This
  # method will flexibly handle both OpenSSL and RFC2253 formats, as given by
  # nginx and Apache, respectively.
  #
  # @param [String] dn the x.509 Distinguished Name (DN) string.
  #
  # @return [OpenSSL::X509::Name] the certificate subject
  def self.subject_from_dn(dn)
    if is_possibly_valid_dn?(dn)
      parsers = @@dn_parsers ||= [
            OpenSSL::X509::Name.method(:parse_rfc2253),
            OpenSSL::X509::Name.method(:parse_openssl)
        ]
      parsers.each do |parser|
        begin
          return parser.call(dn)
        rescue OpenSSL::X509::NameError
        end
      end
    end

    @@no_name ||= OpenSSL::X509::Name.new
  end

  ##
  # cn_from_subject extracts the CN from the given OpenSSL certificate
  # subject.
  #
  # @api private
  #
  # @param [OpenSSL::X509::Name] subject the subject to extract the CN field from
  #
  # @return [String, nil] the CN, or nil if not found
  def self.cn_from_subject(subject)
    if subject.respond_to? :to_a
      (subject.to_a.assoc('CN') || [])[1]
    end
  end

  def self.is_possibly_valid_dn?(dn)
    dn =~ /=/
  end

  ##
  # Extract and format meaningful error messages from OpenSSL::OpenSSLErrors
  # and a Validator. Re-raises the error if unknown.
  #
  # @api private
  #
  # @param [OpenSSL::OpenSSLError] error An error thrown during creating a
  #   connection
  # @param [Puppet::SSL::DefaultValidator] verifier A Validator who may have
  #   invalidated the connection
  # @param [String] host The DNS name of the other end of the SSL connection
  #
  # @raises [Puppet::Error, OpenSSL::OpenSSLError]
  def self.handle_connection_error(error, verifier, host)
    # can be nil
    peer_cert = verifier.peer_certs.last

    if error.message.include? "certificate verify failed"
      msg = error.message
      msg << ": [" + verifier.verify_errors.join('; ') + "]"
      raise Puppet::Error, msg, error.backtrace
    elsif peer_cert && !OpenSSL::SSL.verify_certificate_identity(peer_cert, host)
      raise Puppet::SSL::CertMismatchError.new(peer_cert, host)
    else
      raise error
    end
  end
end
@ Telegram