From fde9c9dd035ebd5a24527e1b99069d3df5a03d13 Mon Sep 17 00:00:00 2001
From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sun, 19 Apr 2015 12:51:44 +0200
Subject: [PATCH] ovpnmain.cgi: Update the certificate revocation list when a
 connection has been deleted.

Reference #10554.
---
 html/cgi-bin/ovpnmain.cgi | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 6bf7b2bfd5..fb52e68016 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2346,7 +2346,9 @@ else
 	&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
 	if ($confighash{$cgiparams{'KEY'}}) {
+		# Revoke certificate if certificate was deleted and rewrite the CRL
 		my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+		my $tempA = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
 
 ###
 # m.a.d net2net
-- 
2.39.5