From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sun, 19 Apr 2015 10:51:44 +0000 (+0200)
Subject: ovpnmain.cgi: Update the certificate revocation list when a connection has been deleted.
X-Git-Tag: v2.17-core91~120
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fde9c9dd035ebd5a24527e1b99069d3df5a03d13;p=people%2Fstevee%2Fipfire-2.x.git

ovpnmain.cgi: Update the certificate revocation list when a connection has been deleted.

Reference #10554.
---

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 6bf7b2bfd5..fb52e68016 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2346,7 +2346,9 @@ else
 	&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
 	if ($confighash{$cgiparams{'KEY'}}) {
+		# Revoke certificate if certificate was deleted and rewrite the CRL
 		my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+		my $tempA = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
 
 ###
 # m.a.d net2net