--- loncom/configuration/SSL.pm 2018/08/18 22:07:53 1.7
+++ loncom/configuration/SSL.pm 2019/07/11 18:12:06 1.10
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Checksum installed LON-CAPA modules and some configuration files
#
-# $Id: SSL.pm,v 1.7 2018/08/18 22:07:53 raeburn Exp $
+# $Id: SSL.pm,v 1.10 2019/07/11 18:12:06 raeburn Exp $
#
# The LearningOnline Network with CAPA
#
@@ -58,6 +58,7 @@ sub print_certstatus {
'key' => 'Private Key',
'host' => 'Connections Certificate',
'hostname' => 'Replication Certificate',
+ 'crl' => 'Revocations List',
'ca' => 'LON-CAPA CA Certificate',
'expired' => 'Expired',
'future' => 'Future validity',
@@ -65,8 +66,9 @@ sub print_certstatus {
'otherkey' => 'No matching key',
'revoked' => 'Revoked by CA',
'wrongcn' => 'Incorrect CN',
+ 'mismatch' => 'Mismatched Issuer',
);
- my @files = qw(key host hostname ca);
+ my @files = qw(key host hostname ca crl);
my @fields = qw(status cn start end alg size email);
foreach my $server (sort(keys(%{$servers}))) {
my $hostname = $servers->{$server};
@@ -93,7 +95,7 @@ sub print_certstatus {
} else {
$message .= $file.'=';
}
- if (ref($hashref->{$file}) eq 'HASH') {
+ if ((ref($hashref->{$file}) eq 'HASH') && (keys(%{$hashref->{$file}}) > 0)) {
my ($starttime,$endtime,$dateinvalid);
if ($target eq 'web') {
$message .= '| '.$lt{'yes'}.' | ';
@@ -102,30 +104,30 @@ sub print_certstatus {
}
unless ($file eq 'key') {
if ($hashref->{$file}->{'end'} ne '') {
- my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'end'});
- if (ref($dt)) {
- $endtime = $dt->epoch;
- if ($endtime < time) {
- if ($target eq 'web') {
- $dateinvalid = $lt{'expired'};
- } else {
- $dateinvalid = 'expired';
- }
+ if ($file eq 'crl') {
+ $endtime = $hashref->{$file}->{'end'};
+ } else {
+ my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'end'});
+ if (ref($dt)) {
+ $endtime = $dt->epoch;
}
}
+ if (($endtime ne '') && ($endtime < time)) {
+ $dateinvalid = 'expired';
+ }
}
if ($hashref->{$file}->{'start'} ne '') {
- my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'start'});
- if (ref($dt)) {
- $starttime = $dt->epoch;
- if ($starttime > time) {
- unless ($dateinvalid) {
- if ($target eq 'web') {
- $dateinvalid = $lt{'future'};
- } else {
- $dateinvalid = 'future';
- }
- }
+ if ($file eq 'crl') {
+ $starttime = $hashref->{$file}->{'start'};
+ } else {
+ my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'start'});
+ if (ref($dt)) {
+ $starttime = $dt->epoch;
+ }
+ }
+ if ($starttime > time) {
+ unless ($dateinvalid) {
+ $dateinvalid = 'future';
}
}
}
@@ -139,28 +141,56 @@ sub print_certstatus {
$display = &Apache::lonhtmlcommon::confirm_success($display);
}
}
+ } elsif ($file eq 'crl') {
+ if ($dateinvalid) {
+ if (($target eq 'web') && (exists($lt{$dateinvalid}))) {
+ $display = $lt{$dateinvalid};
+ } else {
+ $display = $dateinvalid;
+ }
+ } elsif ($target eq 'web') {
+ if ($display ne '') {
+ $display = &Apache::lonhtmlcommon::confirm_success($display);
+ }
+ my $details = $hashref->{$file}->{details};
+ if ($details ne '') {
+ $display .= ' '.$details;
+ }
+ }
} elsif ($file eq 'ca') {
if ($dateinvalid) {
- $display = $dateinvalid;
+ if (($target eq 'web') && (exists($lt{$dateinvalid}))) {
+ $display = $lt{$dateinvalid};
+ } else {
+ $display = $dateinvalid;
+ }
} elsif ($target eq 'web') {
- $display = &Apache::lonhtmlcommon::confirm_success($display);
+ if ($display ne '') {
+ $display = &Apache::lonhtmlcommon::confirm_success($display);
+ }
}
} elsif ($display =~ /^ok/) {
if ($dateinvalid) {
- $display = $dateinvalid;
+ if (($target eq 'web') && (exists($lt{$dateinvalid}))) {
+ $display = $lt{$dateinvalid};
+ } else {
+ $display = $dateinvalid;
+ }
} elsif ($target eq 'web') {
$display = &Apache::lonhtmlcommon::confirm_success($display);
}
} elsif (($display eq 'nokey') || ($display eq 'otherkey') ||
($display eq 'revoked') || ($display eq 'expired') ||
- ($display eq 'wrongcn')) {
- if ($target eq 'web') {
+ ($display eq 'wrongcn') || ($display eq 'mismatch') ||
+ ($display eq '')) {
+ if (($target eq 'web') && ($display ne '') && (exists($lt{$display}))) {
$display = $lt{$display};
}
if (ref($hashref->{$file.'-csr'}) eq 'HASH') {
if ($hashref->{$file.'-csr'}->{$item} eq 'ok') {
if ($target eq 'web') {
- $display .= '
'.&mt('(New request awaiting signature)');
+ $display .= (($display ne '')? '
':'').
+ &mt('(New request awaiting signature)');
}
$csr{$file} = 1;
}