version 1.544, 2018/07/29 03:03:36
|
version 1.545, 2018/08/07 17:12:09
|
Line 108 my %perlvar; # Will have the apache co
|
Line 108 my %perlvar; # Will have the apache co
|
my %secureconf; # Will have requirements for security |
my %secureconf; # Will have requirements for security |
# of lond connections |
# of lond connections |
|
|
|
my %crlchecked; # Will contain clients for which the client's SSL |
|
# has been checked against the cluster's Certificate |
|
# Revocation List. |
|
|
my $dist; |
my $dist; |
|
|
# |
# |
Line 420 sub SSLConnection {
|
Line 424 sub SSLConnection {
|
Debug("Approving promotion -> ssl"); |
Debug("Approving promotion -> ssl"); |
# And do so: |
# And do so: |
|
|
|
my $CRLFile; |
|
unless ($crlchecked{$clientname}) { |
|
$CRLFile = lonssl::CRLFile(); |
|
$crlchecked{$clientname} = 1; |
|
} |
|
|
my $SSLSocket = lonssl::PromoteServerSocket($Socket, |
my $SSLSocket = lonssl::PromoteServerSocket($Socket, |
$CACertificate, |
$CACertificate, |
$Certificate, |
$Certificate, |
$KeyFile, |
$KeyFile, |
$clientname); |
$clientname, |
|
$CRLFile); |
if(! ($SSLSocket) ) { # SSL socket promotion failed. |
if(! ($SSLSocket) ) { # SSL socket promotion failed. |
my $err = lonssl::LastError(); |
my $err = lonssl::LastError(); |
&logthis("<font color=\"red\"> CRITICAL " |
&logthis("<font color=\"red\"> CRITICAL " |
Line 6993 sub UpdateHosts {
|
Line 7004 sub UpdateHosts {
|
|
|
my %oldconf = %secureconf; |
my %oldconf = %secureconf; |
my %connchange; |
my %connchange; |
if (lonssl::Read_Connect_Config(\%secureconf,\%perlvar) eq 'ok') { |
if (lonssl::Read_Connect_Config(\%secureconf,\%crlchecked,\%perlvar) eq 'ok') { |
logthis('<font color="blue"> Reloaded SSL connection rules </font>'); |
logthis('<font color="blue"> Reloaded SSL connection rules and cleared CRL checking history </font>'); |
} else { |
} else { |
logthis('<font color="yellow"> Failed to reload SSL connection rules </font>'); |
logthis('<font color="yellow"> Failed to reload SSL connection rules and clear CRL checking history </font>'); |
} |
} |
if ((ref($oldconf{'connfrom'}) eq 'HASH') && (ref($secureconf{'connfrom'}) eq 'HASH')) { |
if ((ref($oldconf{'connfrom'}) eq 'HASH') && (ref($secureconf{'connfrom'}) eq 'HASH')) { |
foreach my $type ('dom','intdom','other') { |
foreach my $type ('dom','intdom','other') { |
Line 7275 if ($arch eq 'unknown') {
|
Line 7286 if ($arch eq 'unknown') {
|
chomp($arch); |
chomp($arch); |
} |
} |
|
|
unless (lonssl::Read_Connect_Config(\%secureconf,\%perlvar) eq 'ok') { |
unless (lonssl::Read_Connect_Config(\%secureconf,\%crlchecked,\%perlvar) eq 'ok') { |
&logthis('<font color="blue">No connectionrules table. Will fallback to loncapa.conf</font>'); |
&logthis('<font color="blue">No connectionrules table. Will fallback to loncapa.conf</font>'); |
} |
} |
|
|