--- loncom/lonnet/perl/lonnet.pm 2018/07/04 16:58:29 1.1378
+++ loncom/lonnet/perl/lonnet.pm 2018/07/18 13:45:03 1.1379
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1378 2018/07/04 16:58:29 raeburn Exp $
+# $Id: lonnet.pm,v 1.1379 2018/07/18 13:45:03 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -13519,15 +13519,17 @@ sub get_dns {
}
my %alldns;
- open(my $config,"<","$perlvar{'lonTabDir'}/hosts.tab");
- foreach my $dns (<$config>) {
- next if ($dns !~ /^\^(\S*)/x);
- my $line = $1;
- my ($host,$protocol) = split(/:/,$line);
- if ($protocol ne 'https') {
- $protocol = 'http';
+ if (open(my $config,"<","$perlvar{'lonTabDir'}/hosts.tab")) {
+ foreach my $dns (<$config>) {
+ next if ($dns !~ /^\^(\S*)/x);
+ my $line = $1;
+ my ($host,$protocol) = split(/:/,$line);
+ if ($protocol ne 'https') {
+ $protocol = 'http';
+ }
+ $alldns{$host} = $protocol;
}
- $alldns{$host} = $protocol;
+ close($config);
}
while (%alldns) {
my ($dns) = sort { $b cmp $a } keys(%alldns);
@@ -13535,19 +13537,33 @@ sub get_dns {
my $response = &LONCAPA::LWPReq::makerequest('',$request,'',\%perlvar,30,0);
delete($alldns{$dns});
next if ($response->is_error());
- my @content = split("\n",$response->content);
- unless ($nocache) {
- &do_cache_new('dns',$url,\@content,30*24*60*60);
- }
- &$func(\@content,$hashref);
- return;
+ if ($url eq '/adm/dns/loncapaCRL') {
+ return &$func($response);
+ } else {
+ my @content = split("\n",$response->content);
+ unless ($nocache) {
+ &do_cache_new('dns',$url,\@content,30*24*60*60);
+ }
+ &$func(\@content,$hashref);
+ return;
+ }
+ }
+ my $which = (split('/',$url,4))[3];
+ if ($which eq 'loncapaCRL') {
+ my $diskfile = "$perlvar{'lonCertificateDirectory'}/$perlvar{'lonnetCertRevocationList'}";
+ if (-e $diskfile) {
+ &logthis("unable to contact DNS, on disk file $diskfile not updated");
+ } else {
+ &logthis("unable to contact DNS, no on disk file $diskfile available");
+ }
+ } else {
+ &logthis("unable to contact DNS defaulting to on disk file dns_$which.tab\n");
+ if (open(my $config,"<","$perlvar{'lonTabDir'}/dns_$which.tab")) {
+ my @content = <$config>;
+ close($config);
+ &$func(\@content,$hashref);
+ }
}
- close($config);
- my $which = (split('/',$url))[3];
- &logthis("unable to contact DNS defaulting to on disk file dns_$which.tab\n");
- open($config,"<","$perlvar{'lonTabDir'}/dns_$which.tab");
- my @content = <$config>;
- &$func(\@content,$hashref);
return;
}
@@ -13607,6 +13623,47 @@ sub fetch_dns_checksums {
return \%checksums;
}
+sub fetch_crl_pemfile {
+ return &get_dns("/adm/dns/loncapaCRL",\&save_crl_pem,1,1);
+}
+
+sub save_crl_pem {
+ my ($response) = @_;
+ my $msg;
+ if (ref($response)) {
+ my $now = time;
+ my $lonca = $perlvar{'lonCertificateDirectory'}.'/'.$perlvar{'lonnetCertificateAuthority'};
+ my $tmpcrl = $tmpdir.'/'.$perlvar{'lonnetCertRevocationList'}.'_'.$now.'.'.$$.'.tmp';
+ if (open(my $fh,'>',"$tmpcrl")) {
+ print $fh $response->content;
+ close($fh);
+ if (-e $lonca) {
+ if (open(PIPE,"openssl crl -in $tmpcrl -inform pem -CAfile $lonca -noout 2>&1 |")) {
+ my $check = <PIPE>;
+ close(PIPE);
+ chomp($check);
+ if ($check eq 'verify OK') {
+ my $dest = "$perlvar{'lonCertificateDirectory'}/$perlvar{'lonnetCertRevocationList'}";
+ if (-e $dest) {
+ &File::Copy::move($dest,"$dest.bak");
+ }
+ if (&File::Copy::move($tmpcrl,$dest)) {
+ $msg = 'ok';
+ }
+ } else {
+ unlink($tmpcrl);
+ }
+ } else {
+ unlink($tmpcrl);
+ }
+ } else {
+ unlink($tmpcrl);
+ }
+ }
+ }
+ return $msg;
+}
+
# ------------------------------------------------------------ Read domain file
{
my $loaded;