--- loncom/lonssl.pm	2018/12/10 17:34:22	1.21
+++ loncom/lonssl.pm	2018/12/11 13:05:40	1.22
@@ -1,5 +1,5 @@
 #
-# $Id: lonssl.pm,v 1.21 2018/12/10 17:34:22 raeburn Exp $
+# $Id: lonssl.pm,v 1.22 2018/12/11 13:05:40 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -138,7 +138,7 @@ sub PromoteClientSocket {
         $peerdef,
         $CRLFile) = @_;
 
-    Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert, CRL: $CRLFile, Remote Host: $peer\n");
+    Debug("Client promotion using key: $KeyFile, Cert: $MyCert, CA: $CACert, CRL: $CRLFile, Remote Host: $peer, RemoteDefHost: $peerdef\n");
 
     # To create the ssl socket we need to duplicate the existing
     # socket.  Otherwise closing the ssl socket will close the plaintext socket
@@ -418,13 +418,19 @@ sub has_badcert_file {
 }
 
 sub Read_Connect_Config {
-    my ($secureconf,$perlvarref) = @_;
+    my ($secureconf,$perlvarref,$crlchecked) = @_;
     return unless (ref($secureconf) eq 'HASH');
 
     unless (ref($perlvarref) eq 'HASH') {
         $perlvarref = $perlvar;
     }
 
+    # Clear hash of clients in lond for which Certificate Revocation List checked
+    if (ref($crlcheckedref) eq 'HASH') {
+        foreach my $key (keys(%{$crlcheckedref})) {
+            delete($crlcheckedref->{$key});
+        }
+    }
     # Clean out the old table first.
     foreach my $key (keys(%{$secureconf})) {
         delete($secureconf->{$key});