diff -Naurd fence-agents-4.0.2.orig/fence/agents/cisco_ucs/fence_cisco_ucs.py fence-agents-4.0.2/fence/agents/cisco_ucs/fence_cisco_ucs.py
--- fence-agents-4.0.2.orig/fence/agents/cisco_ucs/fence_cisco_ucs.py 2013-07-30 12:46:11.000000000 +0200
+++ fence-agents-4.0.2/fence/agents/cisco_ucs/fence_cisco_ucs.py 2014-02-20 11:53:07.576955152 +0100
@@ -107,7 +107,7 @@
"order" : 1 }
def main():
- device_opt = [ "ipaddr", "login", "passwd", "ssl", "port", "web", "suborg" ]
+ device_opt = [ "ipaddr", "login", "passwd", "ssl", "notls", "port", "web", "suborg" ]
atexit.register(atexit_handler)
diff -Naurd fence-agents-4.0.2.orig/fence/agents/ilo/fence_ilo.py fence-agents-4.0.2/fence/agents/ilo/fence_ilo.py
--- fence-agents-4.0.2.orig/fence/agents/ilo/fence_ilo.py 2014-02-20 11:52:28.948883919 +0100
+++ fence-agents-4.0.2/fence/agents/ilo/fence_ilo.py 2014-02-20 11:53:07.655955297 +0100
@@ -63,7 +63,7 @@
"order" : 1 }
def main():
- device_opt = [ "ipaddr", "login", "passwd", "ssl", "ribcl" ]
+ device_opt = [ "ipaddr", "login", "passwd", "ssl", "notls", "ribcl" ]
atexit.register(atexit_handler)
diff -Naurd fence-agents-4.0.2.orig/fence/agents/lib/fencing.py.py fence-agents-4.0.2/fence/agents/lib/fencing.py.py
--- fence-agents-4.0.2.orig/fence/agents/lib/fencing.py.py 2014-02-20 11:52:29.345884646 +0100
+++ fence-agents-4.0.2/fence/agents/lib/fencing.py.py 2014-02-20 11:53:07.655955297 +0100
@@ -177,6 +177,14 @@
"required" : "0",
"shortdesc" : "SSL connection",
"order" : 1 },
+ "notls" : {
+ "getopt" : "t",
+ "longopt" : "notls",
+ "help" : "-t, --notls Disable TLS negotiation and force SSL3.0.\n" +
+ " This should only be used for devices that do not support TLS1.0 and up.",
+ "required" : "0",
+ "shortdesc" : "Disable TLS negotiation",
+ "order" : 1 },
"port" : {
"getopt" : "n:",
"longopt" : "plug",
@@ -927,7 +935,11 @@
re_pass = re.compile("(password)|(pass phrase)", re.IGNORECASE)
if options.has_key("--ssl"):
- command = '%s --insecure --crlf -p %s %s' % (SSL_PATH, options["--ipport"], options["--ip"])
+ gnutls_opts=""
+ if options.has_key("--notls"):
+ gnutls_opts = "--priority \"NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0\""
+
+ command = '%s %s --insecure --crlf -p %s %s' % (SSL_PATH, gnutls_opts, options["--ipport"], options["--ip"])
try:
conn = fspawn(options, command)
except pexpect.ExceptionPexpect, ex:
diff -Naurd fence-agents-4.0.2.orig/fence/agents/rhevm/fence_rhevm.py fence-agents-4.0.2/fence/agents/rhevm/fence_rhevm.py
--- fence-agents-4.0.2.orig/fence/agents/rhevm/fence_rhevm.py 2013-07-30 12:46:12.000000000 +0200
+++ fence-agents-4.0.2/fence/agents/rhevm/fence_rhevm.py 2014-02-20 11:53:07.655955297 +0100
@@ -101,7 +101,7 @@
return result
def main():
- device_opt = [ "ipaddr", "login", "passwd", "ssl", "web", "port" ]
+ device_opt = [ "ipaddr", "login", "passwd", "ssl", "notls", "web", "port" ]
atexit.register(atexit_handler)
diff -Naurd fence-agents-4.0.2.orig/fence/agents/vmware_soap/fence_vmware_soap.py fence-agents-4.0.2/fence/agents/vmware_soap/fence_vmware_soap.py
--- fence-agents-4.0.2.orig/fence/agents/vmware_soap/fence_vmware_soap.py 2014-02-20 11:52:29.000884014 +0100
+++ fence-agents-4.0.2/fence/agents/vmware_soap/fence_vmware_soap.py 2014-02-20 11:53:07.656955299 +0100
@@ -177,7 +177,7 @@
shutil.rmtree(tmp_dir)
def main():
- device_opt = [ "ipaddr", "login", "passwd", "web", "ssl", "port" ]
+ device_opt = [ "ipaddr", "login", "passwd", "web", "ssl", "notls", "port" ]
atexit.register(atexit_handler)