version 1.88, 2017/05/19 00:56:34
|
version 1.98, 2024/07/06 16:00:22
|
Line 62 sub get_new_sslkeypass {
|
Line 62 sub get_new_sslkeypass {
|
sub get_static_config { |
sub get_static_config { |
# get LCperlvars from loncapa_apache.conf |
# get LCperlvars from loncapa_apache.conf |
my $confdir = '/etc/httpd/conf/'; |
my $confdir = '/etc/httpd/conf/'; |
if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16') { |
if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'sles15' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16' || '<DIST />' eq 'ubuntu18' || '<DIST />' eq 'ubuntu20' || '<DIST />' eq 'ubuntu22' || '<DIST />' eq 'ubuntu24' || '<DIST />' eq 'debian10' || '<DIST />' eq 'debian11' || '<DIST />' eq 'debian12') { |
$confdir = '/etc/apache2/'; |
$confdir = '/etc/apache2/'; |
} |
} |
my $filename='loncapa_apache.conf'; |
my $filename='loncapa_apache.conf'; |
Line 537 sub get_ssldesc {
|
Line 537 sub get_ssldesc {
|
} |
} |
|
|
sub get_cert_status { |
sub get_cert_status { |
my ($lonHostID,$perlvarstatic) = @_; |
my ($lonHostID,$hostname,$perlvarstatic) = @_; |
my $currcerts = &LONCAPA::SSL::print_certstatus({$lonHostID => 1,},'text','cgi'); |
my $currcerts = &LONCAPA::SSL::print_certstatus({$lonHostID => $hostname,},'text','install'); |
my ($lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,%sslstatus); |
my ($lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,%sslstatus); |
my $output = ''; |
my $output = ''; |
if ($currcerts eq "$lonHostID:error") { |
if ($currcerts eq "$lonHostID:error") { |
Line 553 sub get_cert_status {
|
Line 553 sub get_cert_status {
|
} else { |
} else { |
my %sslnames = &get_sslnames(); |
my %sslnames = &get_sslnames(); |
my %ssldesc = &get_ssldesc(); |
my %ssldesc = &get_ssldesc(); |
|
my %csr; |
my ($lonhost,$info) = split(/\:/,$currcerts,2); |
my ($lonhost,$info) = split(/\:/,$currcerts,2); |
if ($lonhost eq $lonHostID) { |
if ($lonhost eq $lonHostID) { |
my @items = split(/\&/,$info); |
my @items = split(/\&/,$info); |
foreach my $item (@items) { |
foreach my $item (@items) { |
my ($key,$value) = split(/=/,$item,2); |
my ($key,$value) = split(/=/,$item,2); |
|
if ($key =~ /^(host(?:|name))\-csr$/) { |
|
$csr{$1} = $value; |
|
} |
my @data = split(/,/,$value); |
my @data = split(/,/,$value); |
if (grep(/^\Q$key\E$/,keys(%sslnames))) { |
if (grep(/^\Q$key\E$/,keys(%sslnames))) { |
|
my ($checkcsr,$comparecsr); |
if (lc($data[0]) eq 'yes') { |
if (lc($data[0]) eq 'yes') { |
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." available with status = $data[1]\n"; |
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." available with status = $data[1]\n"; |
if ($key eq 'key') { |
if ($key eq 'key') { |
Line 587 sub get_cert_status {
|
Line 592 sub get_cert_status {
|
$lonhostnamecertstatus = "status: created with missing key"; |
$lonhostnamecertstatus = "status: created with missing key"; |
} |
} |
} |
} |
|
if ($setstatus) { |
|
$comparecsr = 1; |
|
} |
} |
} |
unless ($setstatus) { |
unless ($setstatus) { |
if ($data[1] eq 'expired') { |
if ($data[1] eq 'expired') { |
Line 606 sub get_cert_status {
|
Line 614 sub get_cert_status {
|
} else { |
} else { |
$sslstatus{$key} = 0; |
$sslstatus{$key} = 0; |
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." not available\n"; |
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." not available\n"; |
if (($key eq 'host') || ($key eq 'hostname')) { |
if ($key eq 'key') { |
my $csr = $perlvarstatic->{$sslnames{$key}}; |
$lonkeystatus = 'still needed'; |
$csr =~s /\.pem$/.csr/; |
} elsif (($key eq 'host') || ($key eq 'hostname')) { |
my $csrstatus; |
$checkcsr = 1; |
if (-e $perlvarstatic->{'lonCertificateDirectory'}."/$csr") { |
} |
open(PIPE,"openssl req -text -noout -verify -in ".$perlvarstatic->{'lonCertificateDirectory'}."/$csr 2>&1 |"); |
} |
while(<PIPE>) { |
if (($checkcsr) || ($comparecsr)) { |
chomp(); |
my $csrfile = $perlvarstatic->{$sslnames{$key}}; |
$csrstatus = $_; |
$csrfile =~s /\.pem$/.csr/; |
last; |
my $csrstatus; |
} |
if (-e $perlvarstatic->{'lonCertificateDirectory'}."/$csrfile") { |
close(PIPE); |
open(PIPE,"openssl req -text -noout -verify -in ".$perlvarstatic->{'lonCertificateDirectory'}."/$csrfile 2>&1 |"); |
|
while(<PIPE>) { |
|
chomp(); |
|
$csrstatus = $_; |
|
last; |
|
} |
|
close(PIPE); |
|
if ((($comparecsr) && ($csr{$key})) || ($checkcsr)) { |
$output .= "Certificate signing request for $ssldesc{$key} available with status = $csrstatus\n\n"; |
$output .= "Certificate signing request for $ssldesc{$key} available with status = $csrstatus\n\n"; |
if ($key eq 'host') { |
if ($key eq 'host') { |
$lonhostcertstatus = 'awaiting signature'; |
$lonhostcertstatus = 'awaiting signature'; |
Line 625 sub get_cert_status {
|
Line 640 sub get_cert_status {
|
$lonhostnamecertstatus = 'awaiting signature'; |
$lonhostnamecertstatus = 'awaiting signature'; |
} |
} |
$sslstatus{$key} = 3; |
$sslstatus{$key} = 3; |
|
} |
|
} elsif ($checkcsr) { |
|
$output .= "No certificate signing request available for $ssldesc{$key}\n\n"; |
|
if ($key eq 'host') { |
|
$lonhostcertstatus = 'still needed'; |
} else { |
} else { |
$output .= "No certificate signing request available for $ssldesc{$key}\n\n"; |
$lonhostnamecertstatus = 'still needed'; |
if ($key eq 'host') { |
|
$lonhostcertstatus = 'still needed'; |
|
} else { |
|
$lonhostnamecertstatus = 'still needed'; |
|
} |
|
} |
} |
} elsif ($key eq 'key') { |
|
$lonkeystatus = 'still needed'; |
|
} |
} |
} |
} |
} |
} |
Line 1288 END
|
Line 1301 END
|
|
|
# update loncapa.conf |
# update loncapa.conf |
my $confdir = '/etc/httpd/conf/'; |
my $confdir = '/etc/httpd/conf/'; |
if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16') { |
if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'sles15' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16' || '<DIST />' eq 'ubuntu18' || '<DIST />' eq 'ubuntu20' || '<DIST />' eq 'ubuntu22' || '<DIST />' eq 'ubuntu24' || '<DIST />' eq 'debian10' || '<DIST />' eq 'debian11' || '<DIST />' eq 'debian12') { |
$confdir = '/etc/apache2/'; |
$confdir = '/etc/apache2/'; |
} |
} |
my $filename='loncapa.conf'; |
my $filename='loncapa.conf'; |
Line 1345 END
|
Line 1358 END
|
</file> |
</file> |
<file> |
<file> |
<target dist='default'>/etc/httpd/conf/</target> |
<target dist='default'>/etc/httpd/conf/</target> |
<target dist='sles10 sles11 sles12 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2 debian5 debian6 ubuntu6 ubuntu8 ubuntu10 ubuntu12 ubuntu14 ubuntu16'>/etc/apache2/</target> |
<target dist='sles10 sles11 sles12 sles15 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2 debian5 debian6 debian10 debian11 debian12 ubuntu6 ubuntu8 ubuntu10 ubuntu12 ubuntu14 ubuntu16 ubuntu18 ubuntu20 ubuntu22 ubuntu24'>/etc/apache2/</target> |
<perlscript mode='fg'> |
<perlscript mode='fg'> |
# read values from loncapa.conf |
# read values from loncapa.conf |
my $confdir = "<TARGET />"; |
my $confdir = "<TARGET />"; |
Line 1601 if ($supportmail) {
|
Line 1614 if ($supportmail) {
|
|
|
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
my ($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
my ($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
print $certinfo; |
print $certinfo; |
my %sslstatus; |
my %sslstatus; |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
Line 1918 END
|
Line 1931 END
|
&make_key($certsdir,$privkey,$sslkeypass); |
&make_key($certsdir,$privkey,$sslkeypass); |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
%sslstatus = %{$sslref}; |
%sslstatus = %{$sslref}; |
} |
} |
Line 1957 END
|
Line 1970 END
|
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
%sslstatus = %{$sslref}; |
%sslstatus = %{$sslref}; |
} |
} |
Line 2002 END
|
Line 2015 END
|
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
%sslstatus = %{$sslref}; |
%sslstatus = %{$sslref}; |
} |
} |
Line 2039 END
|
Line 2052 END
|
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
%sslstatus = %{$sslref}; |
%sslstatus = %{$sslref}; |
} |
} |
Line 2084 END
|
Line 2097 END
|
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
%sslstatus = %{$sslref}; |
%sslstatus = %{$sslref}; |
} |
} |
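Review bot: In get_cert_status, the reworked CSR check still runs `open(PIPE,"openssl req -text -noout -verify -in ".$perlvarstatic->{'lonCertificateDirectory'}."/$csrfile 2>&1 |")` as a shell string on a bareword handle, and never checks the result of open. The directory and file name appear to come from the Apache configuration rather than from a remote user, but any whitespace or shell metacharacter in them would be interpreted by the shell while this installer runs. If the open fails, $csrstatus stays undefined and the output still reads "available with status = ". I would use a lexical handle and a forked pipe that execs openssl with a list, merging stderr in the child so the first line of output is captured as before. get_cert_status begins and ends outside the lines shown here, so the surrounding branches need checking against the full file.

```perl
# … unchanged: $csrfile derived from $perlvarstatic->{$sslnames{$key}} …
my $csrpath = $perlvarstatic->{'lonCertificateDirectory'}."/$csrfile";
if (-e $csrpath) {
    my $pid = open(my $pipe,'-|');
    if (!defined($pid)) {
        $csrstatus = "unable to run openssl: $!";
    } elsif ($pid == 0) {
        # child: merge stderr into the pipe, then exec without a shell
        open(STDERR,'>&',\*STDOUT);
        exec('openssl','req','-text','-noout','-verify','-in',$csrpath) or exit(1);
    } else {
        $csrstatus = <$pipe>;
        chomp($csrstatus) if (defined($csrstatus));
        close($pipe);
    }
    # … unchanged: $comparecsr / $checkcsr reporting …
```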