version 1.12, 2018/08/18 22:07:48
|
version 1.14, 2018/12/22 17:06:02
|
Line 821 sub server_certs {
|
Line 821 sub server_certs {
|
ca => 'lonnetCertificateAuthority', |
ca => 'lonnetCertificateAuthority', |
); |
); |
my (%md5hash,%expected_cn,%expired,%revoked,%wrongcn,%info,$crlfile); |
my (%md5hash,%expected_cn,%expired,%revoked,%wrongcn,%info,$crlfile); |
|
%info = ( |
|
key => {}, |
|
ca => {}, |
|
host => {}, |
|
hostname => {}, |
|
); |
if (ref($perlvar) eq 'HASH') { |
if (ref($perlvar) eq 'HASH') { |
$expected_cn{'host'} = $lonhost; |
$expected_cn{'host'} = $Apache::lonnet::serverhomeIDs{$hostname}; |
$expected_cn{'hostname'} = 'internal-'.$hostname; |
$expected_cn{'hostname'} = 'internal-'.$hostname; |
my $certsdir = $perlvar->{'lonCertificateDirectory'}; |
my $certsdir = $perlvar->{'lonCertificateDirectory'}; |
if (-d $certsdir) { |
if (-d $certsdir) { |
Line 877 sub server_certs {
|
Line 883 sub server_certs {
|
$info{$key}{'size'} = $x509->bit_length(); |
$info{$key}{'size'} = $x509->bit_length(); |
$info{$key}{'email'} = $x509->email(); |
$info{$key}{'email'} = $x509->email(); |
$info{$key}{'serial'} = $x509->serial(); |
$info{$key}{'serial'} = $x509->serial(); |
|
$info{$key}{'issuerhash'} = $x509->issuer_hash(); |
if ($x509->checkend(0)) { |
if ($x509->checkend(0)) { |
$expired{$key} = 1; |
$expired{$key} = 1; |
} |
} |
Line 939 sub server_certs {
|
Line 946 sub server_certs {
|
$info{$key}{'status'} = 'expired'; |
$info{$key}{'status'} = 'expired'; |
} elsif ($wrongcn{$key}) { |
} elsif ($wrongcn{$key}) { |
$info{$key}{'status'} = 'wrongcn'; |
$info{$key}{'status'} = 'wrongcn'; |
|
} elsif ((exists($info{'ca'}{'issuerhash'})) && |
|
($info{'ca'}{'issuerhash'} ne $info{$key}{'issuerhash'})) { |
|
$info{$key}{'status'} = 'mismatch'; |
} else { |
} else { |
$info{$key}{'status'} = 'ok'; |
$info{$key}{'status'} = 'ok'; |
} |
} |