From 6db0238173e36182f2abc4dfcdda3a7c05babd11 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 21 Sep 2010 15:39:57 -0400
Subject: Allow selecting an OpenVPN Server CRL if we are in an SSL mode.

---
 etc/inc/openvpn.inc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'etc/inc/openvpn.inc')

diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index a71a9ba..e41d39e 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -506,8 +506,10 @@ function openvpn_reconfigure($mode,& $settings) {
 			openvpn_add_keyfile($cert['prv'], $conf, $mode_id, "key");
 			if ($mode == 'server')
 				$conf .= "dh {$g['etc_path']}/dh-parameters.{$settings['dh_length']}\n";
-			if ($settings['crl'])
-				openvpn_add_keyfile($settings['crl'], $conf, $mode_id, "crl-verify");
+			if (!empty($settings['crlref'])) {
+				$crl = lookup_crl($settings['crlref']);
+				openvpn_add_keyfile($crl['text'], $conf, $mode_id, "crl-verify");
+			}
 			if ($settings['tls']) {
 				if (stristr($settings['mode'], "server"))
 					$tlsopt = 0;
-- 
cgit v1.1