[LON-CAPA-cvs] cvs: loncom / lond lonssl.pm
raeburn
raeburn at source.lon-capa.org
Tue Dec 11 08:05:41 EST 2018
raeburn Tue Dec 11 13:05:41 2018 EDT
Modified files:
/loncom lonssl.pm lond
Log:
- Support Certificate Revocation List checking.
- Change order of args in lonssl::Read_Connect_Config(), as the third arg is used
by the call from lond (for Server) but not by the call from LondConnection (Client)
Index: loncom/lonssl.pm
diff -u loncom/lonssl.pm:1.21 loncom/lonssl.pm:1.22
--- loncom/lonssl.pm:1.21 Mon Dec 10 17:34:22 2018
+++ loncom/lonssl.pm Tue Dec 11 13:05:40 2018
@@ -1,5 +1,5 @@
#
-# $Id: lonssl.pm,v 1.21 2018/12/10 17:34:22 raeburn Exp $
+# $Id: lonssl.pm,v 1.22 2018/12/11 13:05:40 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -138,7 +138,7 @@
$peerdef,
$CRLFile) = @_;
- Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert, CRL: $CRLFile, Remote Host: $peer\n");
+ Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert, CRL: $CRLFile, Remote Host: $peer, RemoteDefHost: $peerdef\n");
# To create the ssl socket we need to duplicate the existing
# socket. Otherwise closing the ssl socket will close the plaintext socket
@@ -418,13 +418,19 @@
}
sub Read_Connect_Config {
- my ($secureconf,$perlvarref) = @_;
+ my ($secureconf,$perlvarref,$crlchecked) = @_;
return unless (ref($secureconf) eq 'HASH');
unless (ref($perlvarref) eq 'HASH') {
$perlvarref = $perlvar;
}
+ # Clear hash of clients in lond for which Certificate Revocation List checked
+ if (ref($crlcheckedref) eq 'HASH') {
+ foreach my $key (keys(%{$crlcheckedref})) {
+ delete($crlcheckedref->{$key});
+ }
+ }
# Clean out the old table first.
foreach my $key (keys(%{$secureconf})) {
delete($secureconf->{$key});
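Review bot: The new third argument is unpacked as `$crlchecked`, but the added clearing block tests and iterates `$crlcheckedref`, a name that is not declared anywhere in the visible lines. If lonssl.pm runs under `use strict` this would not compile; otherwise `ref($crlcheckedref)` is never 'HASH', so the table passed in by lond is silently left untouched and clients already recorded as CRL-checked would presumably not be re-checked against an updated revocation list after a reload. Unpack the argument under the name the body uses: `my ($secureconf,$perlvarref,$crlcheckedref) = @_;`. The reload call site in lond logs "cleared CRL checking history" on success, which would be inaccurate until this is fixed. Read_Connect_Config continues past the end of this hunk, so the rest of the function was not reviewed.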
Index: loncom/lond
diff -u loncom/lond:1.554 loncom/lond:1.555
--- loncom/lond:1.554 Mon Dec 3 19:32:51 2018
+++ loncom/lond Tue Dec 11 13:05:40 2018
@@ -2,7 +2,7 @@
# The LearningOnline Network
# lond "LON Daemon" Server (port "LOND" 5663)
#
-# $Id: lond,v 1.554 2018/12/03 19:32:51 raeburn Exp $
+# $Id: lond,v 1.555 2018/12/11 13:05:40 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -65,7 +65,7 @@
my $status='';
my $lastlog='';
-my $VERSION='$Revision: 1.554 $'; #' stupid emacs
+my $VERSION='$Revision: 1.555 $'; #' stupid emacs
my $remoteVERSION;
my $currenthostid="default";
my $currentdomainid;
@@ -7099,7 +7099,7 @@
my %oldconf = %secureconf;
my %connchange;
- if (lonssl::Read_Connect_Config(\%secureconf,\%crlchecked,\%perlvar) eq 'ok') {
+ if (lonssl::Read_Connect_Config(\%secureconf,\%perlvar,\%crlchecked) eq 'ok') {
logthis('<font color="blue"> Reloaded SSL connection rules and cleared CRL checking history </font>');
} else {
logthis('<font color="yellow"> Failed to reload SSL connection rules and clear CRL checking history </font>');
@@ -7381,7 +7381,7 @@
chomp($arch);
}
-unless (lonssl::Read_Connect_Config(\%secureconf,\%crlchecked,\%perlvar) eq 'ok') {
+unless (lonssl::Read_Connect_Config(\%secureconf,\%perlvar,\%crlchecked) eq 'ok') {
&logthis('<font color="blue">No connectionrules table. Will fallback to loncapa.conf</font>');
}