--- loncom/lonssl.pm	2004/06/17 09:27:38	1.8
+++ loncom/lonssl.pm	2006/08/25 17:49:15	1.10
@@ -1,5 +1,5 @@
 #
-# $Id: lonssl.pm,v 1.8 2004/06/17 09:27:38 foxr Exp $
+# $Id: lonssl.pm,v 1.10 2006/08/25 17:49:15 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -52,6 +52,8 @@ my $perlvar;			#  this refers to the apa
 
 my $pathsep = "/";		# We're on unix after all.
 
+my $DEBUG = 0;			# Set to non zero to enable debug output.
+
 
 # Initialization code:
 
@@ -61,10 +63,18 @@ $perlvar = LONCAPA::Configuration::read_
 my $lasterror="";
 
 
+
 sub LastError {
     return $lasterror;
 }
 
+sub Debug {
+    my $msg  = shift;
+    if ($DEBUG) {
+	print STDERR $msg;
+    }
+}
+
 #-------------------------------------------------------------------------
 # Name SetFdBlocking - 
 #      Turn blocking mode on on the file handle.  This is required for
@@ -76,18 +86,18 @@ sub LastError {
 #      prior flag settings.
 #
 sub SetFdBlocking {
-    print STDERR "SetFdBlocking called \n";
+    Debug("SetFdBlocking called \n");
     my $Handle = shift;
 
 
 
     my $flags  = fcntl($Handle, F_GETFL, 0);
     if(!$flags) {
-	print STDERR "SetBLocking fcntl get faild $!\n";
+	Debug("SetBLocking fcntl get faild $!\n");
     }
     my $newflags  = $flags & (~ O_NONBLOCK); # Turn off O_NONBLOCK...
     if(!fcntl($Handle, F_SETFL, $newflags)) {
-	print STDERR "Can't set non block mode  $!\n";
+	Debug("Can't set non block mode  $!\n");
     }
     return $flags;
 }
@@ -119,7 +129,7 @@ sub PromoteClientSocket {
 	$KeyFile)          = @_;
     
     
-    print STDERR "Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert\n";
+    Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert\n");
 
     # To create the ssl socket we need to duplicate the existing
     # socket.  Otherwise closing the ssl socket will close the plaintext socket
@@ -129,7 +139,7 @@ sub PromoteClientSocket {
 
     my $oldflags = SetFdBlocking($PlaintextSocket);
     my $dupfno   = fcntl($PlaintextSocket, F_DUPFD, 0);
-    print STDERR "Client promotion got dup = $dupfno\n";
+    Debug("Client promotion got dup = $dupfno\n");
 
     
     my $client = IO::Socket::SSL->new_from_fd($dupfno,
@@ -176,14 +186,14 @@ sub PromoteServerSocket {
     # socket.  Otherwise closing the ssl socket will close the plaintext socket
     # too:
 
-    print STDERR "Server promotion: Key = $KeyFile, Cert $MyCert CA $CACert\n";
+    Debug("Server promotion: Key = $KeyFile, Cert $MyCert CA $CACert\n");
  
     my $oldflags = SetFdBlocking($PlaintextSocket);
     my $dupfno   = fcntl($PlaintextSocket, F_DUPFD, 0);
     if (!$dupfno) {
-	print STDERR "dup failed: $!\n";
+	Debug("dup failed: $!\n");
     }
-    print STDERR " Fileno = $dupfno\n";
+    Debug(" Fileno = $dupfno\n");
     my $client = IO::Socket::SSL->new_from_fd($dupfno,
 					      SSL_server    => 1, # Server role.
 					      SSL_user_cert => 1,
@@ -263,8 +273,8 @@ sub CertificateFile {
     #   Build the actual filenames and check for their existence and
     #   readability.
     
-    my $CaFilename   = $CertificateDir.$pathsep.$CaFilename;
-    my $CertFilename = $CertificateDir.$pathsep.$CertFilename;
+    $CaFilename   = $CertificateDir.$pathsep.$CaFilename;
+    $CertFilename = $CertificateDir.$pathsep.$CertFilename;
     
     if((! -r $CaFilename) || (! -r $CertFilename)) {
 	$lasterror = "CA file $CaFilename or Cert File: $CertFilename "
@@ -304,7 +314,7 @@ sub KeyFile {
     # Build the actual filename and ensure that it not only exists but
     # is also readable:
     
-    my $KeyFilename    = $CertificateDir.$pathsep.$KeyFilename;
+    $KeyFilename    = $CertificateDir.$pathsep.$KeyFilename;
     if(! (-r $KeyFilename)) {
 	$lasterror = "Unreadable key file $KeyFilename";
 	return undef;