From fa944e1dde0bb977608e463b04df4322d6ba6a04 Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Thu, 23 Jul 2015 00:20:46 -0500
Subject: When a CRL is updated, refresh strongswan's CRLs.

---
 usr/local/www/system_crlmanager.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/usr/local/www/system_crlmanager.php b/usr/local/www/system_crlmanager.php
index c1ed823..f444da3 100644
--- a/usr/local/www/system_crlmanager.php
+++ b/usr/local/www/system_crlmanager.php
@@ -149,7 +149,9 @@ if ($act == "addcert") {
 		if (!$input_errors) {
 			$reason = (empty($pconfig['crlreason'])) ? OCSP_REVOKED_STATUS_UNSPECIFIED : $pconfig['crlreason'];
 			cert_revoke($cert, $crl, $reason);
+			// refresh IPsec and OpenVPN CRLs 
 			openvpn_refresh_crls();
+			vpn_ipsec_configure();
 			write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
 			pfSenseHeader("system_crlmanager.php");
 			exit;
@@ -177,7 +179,9 @@ if ($act == "delcert") {
 	$crlname = htmlspecialchars($thiscrl['descr']);
 	if (cert_unrevoke($thiscert, $thiscrl)) {
 		$savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s"), $certname, $crlname) . "<br />";
+		// refresh IPsec and OpenVPN CRLs 
 		openvpn_refresh_crls();
+		vpn_ipsec_configure();
 		write_config(sprintf(gettext("Deleted Certificate %s from CRL %s"), $certname, $crlname));
 	} else {
 		$savemsg = sprintf(gettext("Failed to delete Certificate %s from CRL %s"), $certname, $crlname) . "<br />";
@@ -247,7 +251,9 @@ if ($_POST) {
 			$a_crl[] = $crl;
 
 		write_config("Saved CRL {$crl['descr']}");
+		// refresh IPsec and OpenVPN CRLs 
 		openvpn_refresh_crls();
+		vpn_ipsec_configure();
 		pfSenseHeader("system_crlmanager.php");
 	}
 }
-- 
cgit v1.1