From 6141f51ac4bdf1a107754dc2b3f1f708957c5dd4 Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Thu, 23 Jul 2015 00:20:46 -0500
Subject: When a CRL is updated, refresh strongswan's CRLs.

---
 usr/local/www/system_crlmanager.php | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'usr/local/www')

diff --git a/usr/local/www/system_crlmanager.php b/usr/local/www/system_crlmanager.php
index 0198d84..2a46a39 100644
--- a/usr/local/www/system_crlmanager.php
+++ b/usr/local/www/system_crlmanager.php
@@ -160,7 +160,9 @@ if ($act == "addcert") {
 		if (!$input_errors) {
 			$reason = (empty($pconfig['crlreason'])) ? OCSP_REVOKED_STATUS_UNSPECIFIED : $pconfig['crlreason'];
 			cert_revoke($cert, $crl, $reason);
+			// refresh IPsec and OpenVPN CRLs 
 			openvpn_refresh_crls();
+			vpn_ipsec_configure();
 			write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
 			pfSenseHeader("system_crlmanager.php");
 			exit;
@@ -188,7 +190,9 @@ if ($act == "delcert") {
 	$crlname = htmlspecialchars($thiscrl['descr']);
 	if (cert_unrevoke($thiscert, $thiscrl)) {
 		$savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s"), $certname, $crlname) . "<br />";
+		// refresh IPsec and OpenVPN CRLs 
 		openvpn_refresh_crls();
+		vpn_ipsec_configure();
 		write_config(sprintf(gettext("Deleted Certificate %s from CRL %s"), $certname, $crlname));
 	} else {
 		$savemsg = sprintf(gettext("Failed to delete Certificate %s from CRL %s"), $certname, $crlname) . "<br />";
@@ -258,7 +262,9 @@ if ($_POST) {
 		}
 
 		write_config("Saved CRL {$crl['descr']}");
+		// refresh IPsec and OpenVPN CRLs 
 		openvpn_refresh_crls();
+		vpn_ipsec_configure();
 		pfSenseHeader("system_crlmanager.php");
 	}
 }
-- 
cgit v1.1