From ba6c2e66998b13e479b8b876dfca36e810dfe422 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Mon, 14 Mar 2016 11:25:02 +0100
Subject: [PATCH] fix #916: allow HTTPS to access custom yubico url

remove the limit to HTTP only, since it would only apply for
custom yubico validation server urls anyway.
---
 PVE/AccessControl.pm | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index b42797b..550fa87 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -1199,8 +1199,6 @@ sub yubico_verify_otp {
 
     die "yubico: wrong OTP lenght\n" if (length($otp) < 32) || (length($otp) > 48);
 
-    # we always use http, because https cert verification always make problem, and
-    # some proxies does not work with https.
 
     $url = 'http://api2.yubico.com/wsapi/2.0/verify' if !defined($url);
 
@@ -1217,10 +1215,10 @@ sub yubico_verify_otp {
 
     my $req = HTTP::Request->new('GET' => "$url?$paramstr");
 
-    my $ua = LWP::UserAgent->new(protocols_allowed => ['http'], timeout => 30);
+    my $ua = LWP::UserAgent->new(protocols_allowed => ['http', 'https'], timeout => 30);
 
     if ($proxy) {
-	$ua->proxy(['http'], $proxy);
+	$ua->proxy(['http', 'https'], $proxy);
     } else {
 	$ua->env_proxy;
     }
-- 
2.39.2