--- loncom/lonnet/perl/lonnet.pm 2018/07/18 13:45:03 1.1379
+++ loncom/lonnet/perl/lonnet.pm 2018/08/07 17:12:25 1.1380
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.1379 2018/07/18 13:45:03 raeburn Exp $
+# $Id: lonnet.pm,v 1.1380 2018/08/07 17:12:25 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -13629,7 +13629,7 @@ sub fetch_crl_pemfile {
 sub save_crl_pem {
 my ($response) = @_;
- my $msg;
+ my ($msg,$hadchanges);
 if (ref($response)) {
 my $now = time;
 my $lonca = $perlvar{'lonCertificateDirectory'}.'/'.$perlvar{'lonnetCertificateAuthority'};
@@ -13644,11 +13644,43 @@ sub save_crl_pem {
 chomp($check);
 if ($check eq 'verify OK') {
 my $dest = "$perlvar{'lonCertificateDirectory'}/$perlvar{'lonnetCertRevocationList'}";
+ my $backup;
 if (-e $dest) {
- &File::Copy::move($dest,"$dest.bak");
+ if (&File::Copy::move($dest,"$dest.bak")) {
+ $backup = 'ok';
+ }
 }
 if (&File::Copy::move($tmpcrl,$dest)) {
 $msg = 'ok';
+ if ($backup) {
+ my (%oldnums,%newnums);
+ if (open(PIPE, "openssl crl -inform PEM -text -noout -in $dest.bak |grep 'Serial Number' |")) {
+ while () {
+ $oldnums{(split(/:/))[1]} = 1;
+ }
+ close(PIPE);
+ }
+ if (open(PIPE, "openssl crl -inform PEM -text -noout -in $dest |grep 'Serial Number' |")) {
+ while() {
+ $newnums{(split(/:/))[1]} = 1;
+ }
+ close(PIPE);
+ }
+ foreach my $key (sort {$b <=> $a } (keys(%newnums))) {
+ unless (exists($oldnums{$key})) {
+ $hadchanges = 1;
+ last;
+ }
+ }
+ unless ($hadchanges) {
+ foreach my $key (sort {$b <=> $a } (keys(%oldnums))) {
+ unless (exists($newnums{$key})) {
+ $hadchanges = 1;
+ last;
+ }
+ }
+ }
+ }
 }
 } else {
 unlink($tmpcrl);
@@ -13661,7 +13693,7 @@ sub save_crl_pem {
 }
 }
 }
- return $msg;
+ return ($msg,$hadchanges);
 }
 # ------------------------------------------------------------ Read domain file
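Review bot: In the `@@ -13644,11 +13644,43 @@` hunk, both new `open(PIPE, "openssl crl ... |grep 'Serial Number' |")` calls interpolate a configured path into a shell pipeline and treat every failure as an empty list of serial numbers. If openssl cannot parse one of the files, the comparison runs against an empty hash, and if both reads fail `$hadchanges` stays undefined, which a caller cannot tell apart from an unchanged CRL. I would use list-form `open` with a lexical handle (no shell, no `grep`), match the `Serial Number` lines in Perl, and check `close` so a non-zero openssl exit is noticed; the `sort {$b <=> $a }` in the comparison loops can also go, since openssl prints the serials in hex and only `exists` is tested. Setting `$hadchanges` on a failed read, as sketched below, is the conservative choice only if callers act on the flag, which is not visible here. `save_crl_pem` starts and ends outside this hunk.

```perl
if ($backup) {
    my (%oldnums,%newnums,$readfail);
    foreach my $pair ([\%oldnums,"$dest.bak"],[\%newnums,$dest]) {
        my ($nums,$file) = @{$pair};
        # List-form open runs openssl directly, so $file is never parsed by a shell.
        if (open(my $fh,'-|','openssl','crl','-inform','PEM','-text','-noout','-in',$file)) {
            while (my $line = <$fh>) {
                if ($line =~ /Serial Number:\s*(\S+)/) {
                    $nums->{$1} = 1;
                }
            }
            # close() on a pipe is false when openssl exited non-zero.
            $readfail = 1 unless (close($fh));
        } else {
            $readfail = 1;
        }
    }
    if ($readfail) {
        # One of the CRLs could not be read; report a change rather than "unchanged".
        $hadchanges = 1;
    }
    # … unchanged: the two foreach loops comparing %newnums and %oldnums …
}
```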
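Review bot: `return ($msg,$hadchanges);` in the `@@ -13661,7 +13693,7 @@` hunk changes what a scalar-context caller receives: the comma operator yields its last element, so `my $result = &save_crl_pem($response);` would now get `$hadchanges` (undef or 1) instead of `'ok'`. No call sites are visible in this diff, so each one needs checking that it assigns in list context, e.g. `my ($msg,$hadchanges) = &save_crl_pem($response);`. A short comment above the sub would help, such as `# Returns ($msg,$hadchanges): $msg is 'ok' once the new CRL has been moved into place; $hadchanges is 1 when its revoked serial numbers differ from the previous CRL.` The sub begins outside this hunk.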