--- loncom/lond	2018/08/18 22:07:48	1.548
+++ loncom/lond	2018/08/20 22:42:05	1.549
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.548 2018/08/18 22:07:48 raeburn Exp $
+# $Id: lond,v 1.549 2018/08/20 22:42:05 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -65,7 +65,7 @@ my $DEBUG = 0;		       # Non zero to ena
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.548 $'; #' stupid emacs
+my $VERSION='$Revision: 1.549 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid="default";
 my $currentdomainid;
@@ -792,10 +792,17 @@ sub ConfigFileFromSelector {
     my $selector   = shift;
     my $tablefile;
 
-    my $tabledir = $perlvar{'lonTabDir'}.'/';
-    if (($selector eq "hosts") || ($selector eq "domain") || 
-        ($selector eq "dns_hosts") || ($selector eq "dns_domain")) {
-	$tablefile =  $tabledir.$selector.'.tab';
+    if ($selector eq 'loncapaCAcrl') {
+        my $tabledir = $perlvar{'lonCertificateDirectory'};
+        if (-d $tabledir) {
+            $tablefile =  $tabledir.'/'.$selector.'.pem';
+        }
+    } else {
+        my $tabledir = $perlvar{'lonTabDir'}.'/';
+        if (($selector eq "hosts") || ($selector eq "domain") || 
+            ($selector eq "dns_hosts") || ($selector eq "dns_domain")) {
+	    $tablefile =  $tabledir.$selector.'.tab';
+        }
     }
     return $tablefile;
 }
@@ -819,12 +826,13 @@ sub PushFile {
     my ($command, $filename, $contents) = split(":", $request, 3);
     &Debug("PushFile");
     
-    #  At this point in time, pushes for only the following tables are
-    #  supported:
+    #  At this point in time, pushes for only the following tables and
+    #  CRL file are supported:
     #   hosts.tab  ($filename eq host).
     #   domain.tab ($filename eq domain).
     #   dns_hosts.tab ($filename eq dns_host).
     #   dns_domain.tab ($filename eq dns_domain). 
+    #   loncapaCAcrl.pem ($filename eq loncapaCAcrl);   
     # Construct the destination filename or reject the request.
     #
     # lonManage is supposed to ensure this, however this session could be
@@ -845,7 +853,8 @@ sub PushFile {
 
     if($filename eq "host") {
 	$contents = AdjustHostContents($contents);
-    } elsif ($filename eq 'dns_host' || $filename eq 'dns_domain') {
+    } elsif (($filename eq 'dns_host') || ($filename eq 'dns_domain') ||
+             ($filename eq 'loncapaCAcrl')) {
         if ($contents eq '') {
             &logthis('<font color="red"> Pushfile: unable to install '
                     .$tablefile." - no data received from push. </font>");
@@ -856,8 +865,13 @@ sub PushFile {
             if ($managers{$clientip} eq $clientname) {
                 my $clientprotocol = $Apache::lonnet::protocol{$clientname};
                 $clientprotocol = 'http' if ($clientprotocol ne 'https');
-                my $url = '/adm/'.$filename;
-                $url =~ s{_}{/};
+                my $url;
+                if ($filename eq 'loncapaCAcrl') {
+                    $url = '/adm/dns/loncapaCRL';
+                } else {
+                    $url = '/adm/'.$filename;
+                    $url =~ s{_}{/};
+                }
                 my $request=new HTTP::Request('GET',"$clientprotocol://$clienthost$url");
                 my $response = LONCAPA::LWPReq::makerequest($clientname,$request,'',\%perlvar,60,0);
                 if ($response->is_error()) {
@@ -8922,7 +8936,7 @@ is closed and the child exits.
 =item Red CRITICAL Can't get key file <error>        
 
 SSL key negotiation is being attempted but the call to
-lonssl::KeyFile  failed.  This usually means that the
+lonssl::KeyFile failed.  This usually means that the
 configuration file is not correctly defining or protecting
 the directories/files lonCertificateDirectory or
 lonnetPrivateKey