--- loncom/lond	2018/08/09 13:27:55	1.546
+++ loncom/lond	2018/08/20 22:42:05	1.549
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.546 2018/08/09 13:27:55 raeburn Exp $
+# $Id: lond,v 1.549 2018/08/20 22:42:05 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -65,7 +65,7 @@ my $DEBUG = 0;		       # Non zero to ena
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.546 $'; #' stupid emacs
+my $VERSION='$Revision: 1.549 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid="default";
 my $currentdomainid;
@@ -792,10 +792,17 @@ sub ConfigFileFromSelector {
     my $selector   = shift;
     my $tablefile;
 
-    my $tabledir = $perlvar{'lonTabDir'}.'/';
-    if (($selector eq "hosts") || ($selector eq "domain") || 
-        ($selector eq "dns_hosts") || ($selector eq "dns_domain")) {
-	$tablefile =  $tabledir.$selector.'.tab';
+    if ($selector eq 'loncapaCAcrl') {
+        my $tabledir = $perlvar{'lonCertificateDirectory'};
+        if (-d $tabledir) {
+            $tablefile =  $tabledir.'/'.$selector.'.pem';
+        }
+    } else {
+        my $tabledir = $perlvar{'lonTabDir'}.'/';
+        if (($selector eq "hosts") || ($selector eq "domain") || 
+            ($selector eq "dns_hosts") || ($selector eq "dns_domain")) {
+	    $tablefile =  $tabledir.$selector.'.tab';
+        }
     }
     return $tablefile;
 }
@@ -819,12 +826,13 @@ sub PushFile {
     my ($command, $filename, $contents) = split(":", $request, 3);
     &Debug("PushFile");
     
-    #  At this point in time, pushes for only the following tables are
-    #  supported:
+    #  At this point in time, pushes for only the following tables and
+    #  CRL file are supported:
     #   hosts.tab  ($filename eq host).
     #   domain.tab ($filename eq domain).
     #   dns_hosts.tab ($filename eq dns_host).
     #   dns_domain.tab ($filename eq dns_domain). 
+    #   loncapaCAcrl.pem ($filename eq loncapaCAcrl);   
     # Construct the destination filename or reject the request.
     #
     # lonManage is supposed to ensure this, however this session could be
@@ -845,7 +853,8 @@ sub PushFile {
 
     if($filename eq "host") {
 	$contents = AdjustHostContents($contents);
-    } elsif ($filename eq 'dns_host' || $filename eq 'dns_domain') {
+    } elsif (($filename eq 'dns_host') || ($filename eq 'dns_domain') ||
+             ($filename eq 'loncapaCAcrl')) {
         if ($contents eq '') {
             &logthis('<font color="red"> Pushfile: unable to install '
                     .$tablefile." - no data received from push. </font>");
@@ -856,8 +865,13 @@ sub PushFile {
             if ($managers{$clientip} eq $clientname) {
                 my $clientprotocol = $Apache::lonnet::protocol{$clientname};
                 $clientprotocol = 'http' if ($clientprotocol ne 'https');
-                my $url = '/adm/'.$filename;
-                $url =~ s{_}{/};
+                my $url;
+                if ($filename eq 'loncapaCAcrl') {
+                    $url = '/adm/dns/loncapaCRL';
+                } else {
+                    $url = '/adm/'.$filename;
+                    $url =~ s{_}{/};
+                }
                 my $request=new HTTP::Request('GET',"$clientprotocol://$clienthost$url");
                 my $response = LONCAPA::LWPReq::makerequest($clientname,$request,'',\%perlvar,60,0);
                 if ($response->is_error()) {
@@ -1895,6 +1909,14 @@ sub ls3_handler {
     my $rights;
     my $ulsout='';
     my $ulsfn;
+
+    my ($crscheck,$toplevel,$currdom,$currnum,$skip);
+    unless ($islocal) {
+        my ($major,$minor) = split(/\./,$clientversion);
+        if (($major < 2) || ($major == 2 && $minor < 12)) {
+            $crscheck = 1;
+        }
+    }
     if (-e $ulsdir) {
         if(-d $ulsdir) {
             unless (($getpropath) || ($getuserdir) ||
@@ -1904,8 +1926,26 @@ sub ls3_handler {
                 &Failure($client,"refused\n",$userinput);
                 return 1;
             }
-            if (opendir(LSDIR,$ulsdir)) {
+            if (($crscheck) &&
+                ($ulsdir =~ m{^/home/httpd/html/res/($LONCAPA::match_domain)(/?$|/$LONCAPA::match_courseid)})) {
+                ($currdom,my $posscnum) = ($1,$2);
+                if (($posscnum eq '') || ($posscnum eq '/')) {
+                    $toplevel = 1;
+                } else {
+                    $posscnum =~ s{^/+}{};
+                    if (&LONCAPA::Lond::is_course($currdom,$posscnum)) {
+                        $skip = 1;
+                    }
+                }
+            }
+            if ((!$skip) && (opendir(LSDIR,$ulsdir))) {
                 while ($ulsfn=readdir(LSDIR)) {
+                    if (($crscheck) && ($toplevel) && ($currdom ne '') &&
+                        ($ulsfn =~ /^$LONCAPA::match_courseid$/) && (-d "$ulsdir/$ulsfn")) {
+                        if (&LONCAPA::Lond::is_course($currdom,$ulsfn)) {
+                            next;
+                        }
+                    }
                     undef($obs);
                     undef($rights);
                     my @ulsstats=stat($ulsdir.'/'.$ulsfn);
@@ -2083,8 +2123,8 @@ sub server_distarch_handler {
 sub server_certs_handler {
     my ($cmd,$tail,$client) = @_;
     my $userinput = "$cmd:$tail";
-    my $result;
-    my $result = &LONCAPA::Lond::server_certs(\%perlvar);
+    my $hostname = &Apache::lonnet::hostname($perlvar{'lonHostID'});
+    my $result = &LONCAPA::Lond::server_certs(\%perlvar,$perlvar{'lonHostID'},$hostname);
     &Reply($client,\$result,$userinput);
     return;
 }
@@ -8896,7 +8936,7 @@ is closed and the child exits.
 =item Red CRITICAL Can't get key file <error>        
 
 SSL key negotiation is being attempted but the call to
-lonssl::KeyFile  failed.  This usually means that the
+lonssl::KeyFile failed.  This usually means that the
 configuration file is not correctly defining or protecting
 the directories/files lonCertificateDirectory or
 lonnetPrivateKey