From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Thu, 14 Dec 2017 10:12:06 +0000 (+0100)
Subject: raise exception if manual fingerprint verification failed
X-Git-Url: https://git.proxmox.com/?p=pve-apiclient.git;a=commitdiff_plain;h=8153e67107c8b8fc4a430f8c20bdd1d9bef9314e

raise exception if manual fingerprint verification failed

If a fingerprint could not be verified automatically or manually
raise an exception to ensure that we do not continue with handling
the problematic or even evil response.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---

diff --git a/PVE/APIClient/LWP.pm b/PVE/APIClient/LWP.pm
index 81906a1..20e3b56 100755
--- a/PVE/APIClient/LWP.pm
+++ b/PVE/APIClient/LWP.pm
@@ -139,8 +139,7 @@ sub manual_verify_fingerprint {
     my ($self, $fingerprint) = @_;
 
     if (!$self->{manual_verification}) {
-	warn "fingerprint: $fingerprint\n";
-	return 0;
+	raise("fingerprint '$fingerprint' not verified, abort!\n");
     }
 
     print "The authenticity of host '$self->{host}' can't be established.\n" .
@@ -153,6 +152,8 @@ sub manual_verify_fingerprint {
 
     $self->{cached_fingerprints}->{$fingerprint} = $valid;
 
+    raise("Fingerprint not verified, abort!\n") if !$valid;
+
     if (my $cb = $self->{register_fingerprint_cb}) {
 	$cb->($fingerprint) if $valid;
     }