From 4d125be9d95dab786477e6881ab37e54334595ba Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Tue, 10 Sep 2024 14:28:16 +0700
Subject: amttool: set SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION

This is necessary to get past the SSL handshake in more recent versions
of openssl.

Still getting an "401 Unauthorized" with the system I've been testing
with, but that might already all that's needed for older systems.
Message-ID: <20240910072816.33197-1-flokli@flokli.de>
---
 amttool | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/amttool b/amttool
index a10c0dd..35ce0b0 100755
--- a/amttool
+++ b/amttool
@@ -3,6 +3,7 @@ use strict;
 use warnings;
 use SOAP::Lite;
 #use SOAP::Lite +trace => 'all';
+use IO::Socket::SSL;
 
 my $amt_host = shift;
 my $amt_port = "16992";
@@ -101,6 +102,16 @@ my %pt_status = (
 
 my ($nas, $sas, $rcs);
 
+IO::Socket::SSL::set_defaults(
+    SSL_create_ctx_callback => sub {
+        my $ctx = shift;
+        # SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+        Net::SSLeay::CTX_set_options($ctx, 0x00040000);
+        # Set SSL_verify_mode to SSL_VERIFY_NONE (do not verify the certificate)
+        Net::SSLeay::CTX_set_verify($ctx, Net::SSLeay::VERIFY_NONE, sub { 1 });
+    },
+);
+
 sub SOAP::Transport::HTTP::Client::get_basic_credentials {
 	return $main::amt_user => $main::amt_pass;
 }
-- 
cgit