From 8153e67107c8b8fc4a430f8c20bdd1d9bef9314e Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Thu, 14 Dec 2017 11:12:06 +0100 Subject: [PATCH] raise exception if manual fingerprint verification failed If a fingerprint could not be verified automatically or manually raise an exception to ensure that we do not continue with handling the problematic or even evil response. Signed-off-by: Thomas Lamprecht --- PVE/APIClient/LWP.pm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/PVE/APIClient/LWP.pm b/PVE/APIClient/LWP.pm index 81906a1..20e3b56 100755 --- a/PVE/APIClient/LWP.pm +++ b/PVE/APIClient/LWP.pm @@ -139,8 +139,7 @@ sub manual_verify_fingerprint { my ($self, $fingerprint) = @_; if (!$self->{manual_verification}) { - warn "fingerprint: $fingerprint\n"; - return 0; + raise("fingerprint '$fingerprint' not verified, abort!\n"); } print "The authenticity of host '$self->{host}' can't be established.\n" . @@ -153,6 +152,8 @@ sub manual_verify_fingerprint { $self->{cached_fingerprints}->{$fingerprint} = $valid; + raise("Fingerprint not verified, abort!\n") if !$valid; + if (my $cb = $self->{register_fingerprint_cb}) { $cb->($fingerprint) if $valid; }