improve protocol selection heuristic

[pve-apiclient.git] / PVE / APIClient / LWP.pm

diff --git a/PVE/APIClient/LWP.pm b/PVE/APIClient/LWP.pm
index 998c15de8b6d9412722c2a58f736fdc77cb874b3..63f2177615f896f20d645060b30505a9a8c4260f 100755 (executable)
--- a/PVE/APIClient/LWP.pm
+++ b/PVE/APIClient/LWP.pm
@@ -300,9 +300,17 @@ my sub verify_cert_callback {
 sub new {
     my ($class, %param) = @_;
 
-    my $ssl_default_opts = { verify_hostname => 0 };
-    my $ssl_opts = $param{ssl_opts} || $ssl_default_opts;
+    my $ssl_opts = $param{ssl_opts} || {};
 
+    if (!defined($ssl_opts->{verify_hostname})) {
+       if (scalar(keys $param{cached_fingerprints}->%*) > 0) {
+           # purely trust the configured fingerprints, by default
+           $ssl_opts->{verify_hostname} = 0;
+       } else {
+           # no fingerprints passed, enforce hostname verification, by default
+           $ssl_opts->{verify_hostname} = 1;
+       }
+    }
     # we can only really trust openssl result if it also verifies the hostname,
     # else it's easy to intercept (MITM using valid Lets Encrypt)
     my $trust_openssl = $ssl_opts->{verify_hostname} ? 1 : 0;
@@ -345,7 +353,13 @@ sub new {
        $self->{port} = $self->{host} eq 'localhost' ? 85 : 8006;
     }
     if (!$self->{protocol}) {
-       $self->{protocol} = $self->{host} eq 'localhost' ? 'http' : 'https';
+       # cope that PBS and PVE can be installed on the same host, and one may thus use
+       # 'localhost' then - so only default to http for privileged ports, in that case,
+       # as the HTTP daemons normally run with those (e.g., 85 or 87)
+       $self->{protocol} = $self->{host} eq 'localhost' && $self->{port} < 1024
+           ? 'http'
+           : 'https'
+           ;
     }
 
     $self->{useragent} = LWP::UserAgent->new(