-rwxr-xr-xpki/base/ra/lib/perl/PKI/RA/DonePanel.pm36
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/DonePanel.pm36
2 files changed, 64 insertions, 8 deletions
diff --git a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm
index eda7745cf..bc8eaa919 100755
--- a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm
@@ -327,11 +327,39 @@ sub display
system( "rm $instDir/conf/nss.conf.tmp" );
}
- # Append security domain getCRL URL to end of "revocator.conf"
- open(REVOCATOR_CONF, ">>$instDir/conf/revocator.conf");
- print REVOCATOR_CONF "CRLFile \"" . $sdom
+ # Rewrite "revocator.conf", activating the CRLEngine, and appending
+ # the security domain getCRL URL to end of the file
+ open( TMP_REVOCATOR_CONF, ">$instDir/conf/revocator.conf.tmp" );
+ system( "chmod 00660 $instDir/conf/revocator.conf.tmp" );
+ open( REVOCATOR_CONF, "<$instDir/conf/revocator.conf" );
+ while( <REVOCATOR_CONF> ) {
+ if( /^CRLEngine/ ) {
+ # Bugzilla Bug #493122: Activate CRLEngine on RHEL,
+ # but NOT on Fedora!
+ if( -e "/etc/fedora-release" ) {
+ print TMP_REVOCATOR_CONF "CRLEngine off\n";
+ } else {
+ print TMP_REVOCATOR_CONF "CRLEngine on\n";
+ }
+ } else {
+ print TMP_REVOCATOR_CONF $_;
+ }
+ }
+ # Append security domain getCRL URL to end of "revocator.conf.tmp"
+ print TMP_REVOCATOR_CONF "CRLFile \"" . $sdom
. "/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL;60;60\"\n";
- close(REVOCATOR_CONF);
+ close( REVOCATOR_CONF );
+ close( TMP_REVOCATOR_CONF );
+
+ # Create a copy of the original file which
+ # preserves the original file permissions
+ system( "cp -p $instDir/conf/revocator.conf.tmp "
+ . "$instDir/conf/revocator.conf" );
+
+ # Remove the original file only if the backup copy was successful
+ if( -e "$instDir/conf/revocator.conf" ) {
+ system( "rm $instDir/conf/revocator.conf.tmp" );
+ }
&PKI::RA::Wizard::debug_log("DonePanel: Connecting to Security Domain");
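Review bot: The final `-e "$instDir/conf/revocator.conf"` test cannot tell whether the `cp -p` succeeded, because revocator.conf already exists before the rewrite (it is opened for reading a few lines earlier), and none of the added `open`, `close` or `system` calls is checked. When the copy fails, the temp file is still deleted and the old revocator.conf stays in place without the `CRLFile` line and with nothing in the debug log; presumably the RA then runs without the CRL source this panel was meant to configure. Gate the cleanup on the exit status of the copy and log the failure, as sketched below, and check the two `open` calls in the same way. The identical hunk in pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm needs the same change; `sub display` starts and ends outside both hunks.

```perl
# … unchanged: rewrite loop and CRLFile append into revocator.conf.tmp …
close( REVOCATOR_CONF );
close( TMP_REVOCATOR_CONF );

# Replace revocator.conf only when the copy itself reports success
if( system( "cp", "-p", "$instDir/conf/revocator.conf.tmp",
            "$instDir/conf/revocator.conf" ) == 0 ) {
    unlink( "$instDir/conf/revocator.conf.tmp" );
} else {
    &PKI::RA::Wizard::debug_log( "DonePanel: could not update revocator.conf" );
}
```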
diff --git a/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm
index a172a51ef..ae01dcfa1 100755
--- a/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm
+++ b/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm
@@ -340,11 +340,39 @@ sub display
system( "rm $instDir/conf/nss.conf.tmp" );
}
- # Append security domain getCRL URL to end of "revocator.conf"
- open(REVOCATOR_CONF, ">>$instDir/conf/revocator.conf");
- print REVOCATOR_CONF "CRLFile \"" . $sdom
+ # Rewrite "revocator.conf", activating the CRLEngine, and appending
+ # the security domain getCRL URL to end of the file
+ open( TMP_REVOCATOR_CONF, ">$instDir/conf/revocator.conf.tmp" );
+ system( "chmod 00660 $instDir/conf/revocator.conf.tmp" );
+ open( REVOCATOR_CONF, "<$instDir/conf/revocator.conf" );
+ while( <REVOCATOR_CONF> ) {
+ if( /^CRLEngine/ ) {
+ # Bugzilla Bug #493122: Activate CRLEngine on RHEL,
+ # but NOT on Fedora!
+ if( -e "/etc/fedora-release" ) {
+ print TMP_REVOCATOR_CONF "CRLEngine off\n";
+ } else {
+ print TMP_REVOCATOR_CONF "CRLEngine on\n";
+ }
+ } else {
+ print TMP_REVOCATOR_CONF $_;
+ }
+ }
+ # Append security domain getCRL URL to end of "revocator.conf.tmp"
+ print TMP_REVOCATOR_CONF "CRLFile \"" . $sdom
. "/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL;60;60\"\n";
- close(REVOCATOR_CONF);
+ close( REVOCATOR_CONF );
+ close( TMP_REVOCATOR_CONF );
+
+ # Create a copy of the original file which
+ # preserves the original file permissions
+ system( "cp -p $instDir/conf/revocator.conf.tmp "
+ . "$instDir/conf/revocator.conf" );
+
+ # Remove the original file only if the backup copy was successful
+ if( -e "$instDir/conf/revocator.conf" ) {
+ system( "rm $instDir/conf/revocator.conf.tmp" );
+ }
&PKI::TPS::Wizard::debug_log("DonePanel: Connecting to Security Domain");
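Review bot: The temp file is created by `open( TMP_REVOCATOR_CONF, ">$instDir/conf/revocator.conf.tmp" )` with whatever mode the process umask allows and is narrowed to 0660 only afterwards by a separate shell `chmod`, so it may be more widely accessible than intended for a short interval, and stays that way if the `chmod` fails. Setting the mask around the open avoids both: `my $oldmask = umask( 0007 );` before it and `umask( $oldmask );` after. The `chmod`, `cp` and `rm` calls also pass `$instDir` to the shell inside a single string; where that value comes from is not visible in this hunk, but Perl's built-in `chmod` and `unlink`, or list-form `system`, would keep a path containing spaces or shell metacharacters from being reinterpreted. The same lines appear in the pki/base/ra/lib/perl/PKI/RA/DonePanel.pm hunk, and `sub display` extends beyond what is shown.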