Return to Lond.pm CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/Lond.pm between versions 1.11 and 1.14

version 1.11, 2018/08/09 14:04:30	version 1.14, 2018/12/22 17:06:02
Line 38 use LONCAPA;	Line 38 use LONCAPA;
use Apache::lonnet;	use Apache::lonnet;
use GDBM_File;	use GDBM_File;
use Crypt::OpenSSL::X509;	use Crypt::OpenSSL::X509;
	use Crypt::PKCS10;

sub dump_with_regexp {	sub dump_with_regexp {
my ( $tail, $clientversion ) = @_;	my ( $tail, $clientversion ) = @_;
Line 813 sub is_course {	Line 813 sub is_course {
}	}

sub server_certs {	sub server_certs {
my ($perlvar) = @_;	my ($perlvar,$lonhost,$hostname) = @_;
my %pemfiles = (	my %pemfiles = (
key => 'lonnetPrivateKey',	key => 'lonnetPrivateKey',
host => 'lonnetCertificate',	host => 'lonnetCertificate',
hostname => 'lonnetHostnameCertificate',	hostname => 'lonnetHostnameCertificate',
ca => 'lonnetCertificateAuthority',	ca => 'lonnetCertificateAuthority',
);	);
my (%md5hash,%info);	my (%md5hash,%expected_cn,%expired,%revoked,%wrongcn,%info,$crlfile);
	%info = (
	key => {},
	ca => {},
	host => {},
	hostname => {},
	);
if (ref($perlvar) eq 'HASH') {	if (ref($perlvar) eq 'HASH') {
	$expected_cn{'host'} = $Apache::lonnet::serverhomeIDs{$hostname};
	$expected_cn{'hostname'} = 'internal-'.$hostname;
my $certsdir = $perlvar->{'lonCertificateDirectory'};	my $certsdir = $perlvar->{'lonCertificateDirectory'};
if (-d $certsdir) {	if (-d $certsdir) {
	$crlfile = $certsdir.'/'.$perlvar->{'lonnetCertRevocationList'};
foreach my $key (keys(%pemfiles)) {	foreach my $key (keys(%pemfiles)) {
if ($perlvar->{$pemfiles{$key}}) {	if ($perlvar->{$pemfiles{$key}}) {
my $file = $certsdir.'/'.$perlvar->{$pemfiles{$key}};	my $file = $certsdir.'/'.$perlvar->{$pemfiles{$key}};
Line 838 sub server_certs {	Line 847 sub server_certs {
if (open(PIPE,"openssl rsa -noout -modulus -in $file \| openssl md5 \|")) {	if (open(PIPE,"openssl rsa -noout -modulus -in $file \| openssl md5 \|")) {
$md5hash{$key} = <PIPE>;	$md5hash{$key} = <PIPE>;
close(PIPE);	close(PIPE);
	chomp($md5hash{$key});
}	}
} else {	} else {
if ($key eq 'ca') {	if ($key eq 'ca') {
Line 856 sub server_certs {	Line 866 sub server_certs {
if (open(PIPE,"openssl x509 -noout -modulus -in $file \| openssl md5 \|")) {	if (open(PIPE,"openssl x509 -noout -modulus -in $file \| openssl md5 \|")) {
$md5hash{$key} = <PIPE>;	$md5hash{$key} = <PIPE>;
close(PIPE);	close(PIPE);
	chomp($md5hash{$key});
}	}
}	}
my $x509 = Crypt::OpenSSL::X509->new_from_file($file);	my $x509 = Crypt::OpenSSL::X509->new_from_file($file);
Line 871 sub server_certs {	Line 882 sub server_certs {
$info{$key}{'alg'} = $x509->sig_alg_name();	$info{$key}{'alg'} = $x509->sig_alg_name();
$info{$key}{'size'} = $x509->bit_length();	$info{$key}{'size'} = $x509->bit_length();
$info{$key}{'email'} = $x509->email();	$info{$key}{'email'} = $x509->email();
	$info{$key}{'serial'} = $x509->serial();
	$info{$key}{'issuerhash'} = $x509->issuer_hash();
	if ($x509->checkend(0)) {
	$expired{$key} = 1;
	}
	if (($key eq 'host') \|\| ($key eq 'hostname')) {
	if ($info{$key}{'cn'} ne $expected_cn{$key}) {
	$wrongcn{$key} = 1;
	}
	if ((-e $crlfile) && ($info{$key}{'serial'} =~ /^\w+$/)) {
	my $serial = $info{$key}{'serial'};
	if (open(PIPE,"openssl crl -inform PEM -text -in $crlfile \| grep $serial \|")) {
	my $result = <PIPE>;
	close(PIPE);
	chomp($result);
	if ($result ne '') {
	$revoked{$key} = 1;
	}
	}
	}
	}
	}
	}
	if (($key eq 'host') \|\| ($key eq 'hostname')) {
	my $csrfile = $file;
	$csrfile =~ s/\.pem$/.csr/;
	if (-e $csrfile) {
	if (open(PIPE,"openssl req -noout -modulus -in $csrfile \|openssl md5 \|")) {
	my $csrhash = <PIPE>;
	close(PIPE);
	chomp($csrhash);
	if ((!-e $file) \|\| ($csrhash ne $md5hash{$key}) \|\| ($expired{$key}) \|\|
	($wrongcn{$key}) \|\| ($revoked{$key})) {
	Crypt::PKCS10->setAPIversion(1);
	my $decoded = Crypt::PKCS10->new( $csrfile,(PEMonly => 1, readFile => 1));
	if (ref($decoded)) {
	if ($decoded->commonName() eq $expected_cn{$key}) {
	$info{$key.'-csr'}{'cn'} = $decoded->commonName();
	$info{$key.'-csr'}{'alg'} = $decoded->pkAlgorithm();
	$info{$key.'-csr'}{'email'} = $decoded->emailAddress();
	my $params = $decoded->subjectPublicKeyParams();
	if (ref($params) eq 'HASH') {
	$info{$key.'-csr'}{'size'} = $params->{keylen};
	}
	$md5hash{$key.'-csr'} = $csrhash;
	}
	}
	}
	}
}	}
}	}
}	}
Line 880 sub server_certs {	Line 940 sub server_certs {
foreach my $key ('host','hostname') {	foreach my $key ('host','hostname') {
if ($md5hash{$key}) {	if ($md5hash{$key}) {
if ($md5hash{$key} eq $md5hash{'key'}) {	if ($md5hash{$key} eq $md5hash{'key'}) {
$info{$key}{'status'} = 'ok';	if ($revoked{$key}) {
	$info{$key}{'status'} = 'revoked';
	} elsif ($expired{$key}) {
	$info{$key}{'status'} = 'expired';
	} elsif ($wrongcn{$key}) {
	$info{$key}{'status'} = 'wrongcn';
	} elsif ((exists($info{'ca'}{'issuerhash'})) &&
	($info{'ca'}{'issuerhash'} ne $info{$key}{'issuerhash'})) {
	$info{$key}{'status'} = 'mismatch';
	} else {
	$info{$key}{'status'} = 'ok';
	}
} elsif ($info{'key'}{'status'} =~ /ok/) {	} elsif ($info{'key'}{'status'} =~ /ok/) {
$info{$key}{'status'} = 'otherkey';	$info{$key}{'status'} = 'otherkey';
} else {	} else {
$info{$key}{'status'} = 'nokey';	$info{$key}{'status'} = 'nokey';
}	}
}	}
	if ($md5hash{$key.'-csr'}) {
	if ($md5hash{$key.'-csr'} eq $md5hash{'key'}) {
	$info{$key.'-csr'}{'status'} = 'ok';
	} elsif ($info{'key'}{'status'} =~ /ok/) {
	$info{$key.'-csr'}{'status'} = 'otherkey';
	} else {
	$info{$key.'-csr'}{'status'} = 'nokey';
	}
	}
}	}
my $result;	my $result;
foreach my $key (keys(%info)) {	foreach my $key (keys(%info)) {

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Removed from v.1.11
changed lines
	Added in v.1.14