Allow selecting an OpenVPN Server CRL if we are in an SSL mode.

author: jim-p <jimp@pfsense.org> 2010-09-21 15:39:57 -0400
committer: jim-p <jimp@pfsense.org> 2010-09-21 15:39:57 -0400
commit: 6db0238173e36182f2abc4dfcdda3a7c05babd11 (patch)
tree: 26468c2a130b4451d07dcb0332a46aa5f942ffb6 /etc/inc/openvpn.inc
parent: c492948a820e7b8e6fc34cee099309307a4d3f7b (diff)
download: pfsense-6db0238173e36182f2abc4dfcdda3a7c05babd11.zip
pfsense-6db0238173e36182f2abc4dfcdda3a7c05babd11.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index a71a9ba..e41d39e 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -506,8 +506,10 @@ function openvpn_reconfigure($mode,& $settings) {
 			openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key");
 			if ($mode == 'server')
 				$conf .= "dh {$g['etc_path']}/dh-parameters.{$settings['dh_length']}\n";
-			if ($settings['crl'])
-				openvpn_add_keyfile($settings['crl'], $conf, $mode_id, "crl-verify");
+			if (!empty($settings['crlref'])) {
+				$crl = lookup_crl($settings['crlref']);
+				openvpn_add_keyfile($crl['text'], $conf, $mode_id, "crl-verify");
+			}
 			if ($settings['tls']) {
 				if (stristr($settings['mode'], "server"))
 					$tlsopt = 0;
author	jim-p <jimp@pfsense.org>	2010-09-21 15:39:57 -0400
committer	jim-p <jimp@pfsense.org>	2010-09-21 15:39:57 -0400
commit	6db0238173e36182f2abc4dfcdda3a7c05babd11 (patch)
tree	26468c2a130b4451d07dcb0332a46aa5f942ffb6 /etc/inc/openvpn.inc
parent	c492948a820e7b8e6fc34cee099309307a4d3f7b (diff)
download	pfsense-6db0238173e36182f2abc4dfcdda3a7c05babd11.zip pfsense-6db0238173e36182f2abc4dfcdda3a7c05babd11.tar.gz