From c46d3522bd8aa29883f395f22fab0b35c92141d1 Mon Sep 17 00:00:00 2001 From: Brian Wuchner Date: Mon, 24 Jan 2022 14:48:21 -0500 Subject: [PATCH] Updates to SSC Module -- provide better SSL support for Connect-SscServer Moving the code to set SslProtocol to a separate parameter instead of hiding it under SkipCertificateCheck. Updating Module Version to denote this minor change. Signed-off-by: Brian Wuchner --- Modules/SaltStackConfig/SaltStackConfig.psd1 | 2 +- Modules/SaltStackConfig/SaltStackConfig.psm1 | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Modules/SaltStackConfig/SaltStackConfig.psd1 b/Modules/SaltStackConfig/SaltStackConfig.psd1 index 6c4f3f3..1394171 100644 --- a/Modules/SaltStackConfig/SaltStackConfig.psd1 +++ b/Modules/SaltStackConfig/SaltStackConfig.psd1 @@ -17,7 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause RootModule = 'SaltStackConfig.psm1' # Version number of this module. -ModuleVersion = '0.0.5' +ModuleVersion = '0.0.6' # Supported PSEditions # CompatiblePSEditions = @() diff --git a/Modules/SaltStackConfig/SaltStackConfig.psm1 b/Modules/SaltStackConfig/SaltStackConfig.psm1 index f714f4e..0d7ce48 100644 --- a/Modules/SaltStackConfig/SaltStackConfig.psm1 +++ b/Modules/SaltStackConfig/SaltStackConfig.psm1 @@ -36,7 +36,8 @@ Function Connect-SscServer { [Parameter(Mandatory=$true, ParameterSetName='PlainText', Position=2)][ValidateNotNullOrEmpty()][string]$password, [Parameter(Mandatory=$false, Position=3)][string]$AuthSource='internal', [Parameter(Mandatory=$false, ParameterSetName='Credential')][PSCredential]$Credential, - [Parameter(Mandatory=$false)][Switch]$SkipCertificateCheck + [Parameter(Mandatory=$false)][Switch]$SkipCertificateCheck, + [Parameter(Mandatory=$false)][ValidateSet('Tls13','Tls12','Tls11','Tls','SystemDefault')]$SslProtocol ) if ($PSCmdlet.ParameterSetName -eq 'Credential' -AND $Credential -eq $null) { $Credential = Get-Credential} @@ -58,10 +59,13 @@ Function Connect-SscServer { } } "@ - [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Tls,Tls11,Tls12' [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy } # end if SkipCertificate Check + if ($SslProtocol) { + [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]$SslProtocol + } + $loginBody = @{'username'=$username; 'password'=$password; 'config_name'=$AuthSource} try { $webRequest = Invoke-WebRequest -Uri "https://$server/account/login" -SessionVariable ws