raise exception if manual fingerprint verification failed

If a fingerprint could not be verified automatically or manually
raise an exception to ensure that we do not continue with handling
the problematic or even evil response.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/PVE/APIClient/LWP.pm b/PVE/APIClient/LWP.pm
index 81906a14e554dfb8d09dd2658916a6ea5fad6320..20e3b56621dee188ed4cd129b2b96f31deb8ef5a 100755 (executable)
--- a/PVE/APIClient/LWP.pm
+++ b/PVE/APIClient/LWP.pm
@@ -139,8 +139,7 @@ sub manual_verify_fingerprint {
     my ($self, $fingerprint) = @_;
 
     if (!$self->{manual_verification}) {
-       warn "fingerprint: $fingerprint\n";
-       return 0;
+       raise("fingerprint '$fingerprint' not verified, abort!\n");
     }
 
     print "The authenticity of host '$self->{host}' can't be established.\n" .
@@ -153,6 +152,8 @@ sub manual_verify_fingerprint {
 
     $self->{cached_fingerprints}->{$fingerprint} = $valid;
 
+    raise("Fingerprint not verified, abort!\n") if !$valid;
+
     if (my $cb = $self->{register_fingerprint_cb}) {
        $cb->($fingerprint) if $valid;
     }