From dacacd128f1a7cde37481857d27cf445833b0489 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?= <felix@dogcraft.de>
Date: Tue, 26 Jan 2016 16:33:28 +0100
Subject: [PATCH] upd: factor out paths in CRL writing

---
 src/crypto/remoteSigner.cpp | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/crypto/remoteSigner.cpp b/src/crypto/remoteSigner.cpp
index f4680d6..6c003c3 100644
--- a/src/crypto/remoteSigner.cpp
+++ b/src/crypto/remoteSigner.cpp
@@ -164,7 +164,8 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
 
     payload = parseCommand( head, conn->readLine() );
 
-    auto crl = std::make_shared<CRL>( ca->path + std::string( "/ca.crl" ) );
+    std::string tgtName = ca->path + std::string( "/ca.crl" );
+    auto crl = std::make_shared<CRL>( tgtName );
     std::string date;
 
     if( static_cast<RecordHeader::SignerResult>( head.command ) != RecordHeader::SignerResult::REVOKED ) {
@@ -187,7 +188,7 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
 
     if( ok ) {
         logger::note( "CRL verificated successfully" );
-        writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
+        writeFile( tgtName, crl->toString() );
     } else {
         logger::warn( "CRL is broken, trying to recover" );
         send( conn, head, RecordHeader::SignerCommand::GET_FULL_CRL, ca->name );
@@ -198,19 +199,21 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
             throw "Protocol violation";
         }
 
-        writeFile( ca->path + std::string( "/ca.crl.bak" ), payload );
-        crl = std::make_shared<CRL>( ca->path + std::string( "/ca.crl.bak" ) );
+        std::string name_bak = ca->path + std::string( "/ca.crl.bak" );
+        writeFile( name_bak, payload );
+        crl = std::make_shared<CRL>( name_bak );
 
         if( crl->verify( ca ) ) {
-            writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
+            writeFile( tgtName, crl->toString() );
+            if( remove( name_bak.c_str() ) != 0 ){
+                logger::warn( "Removing old CRL failed" );
+            }
             logger::note( "CRL is now valid again" );
         } else {
             logger::warn( "CRL is still broken... Please, help me" );
         }
     }
 
-    logger::debug( "CRL:\n", crl->toString() );
-
     logger::note( "Closing SSL connection" );
     if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice
         logger::warn( "SSL shutdown failed" );
-- 
2.39.2