author | Timothy Pearson <[email protected]> | 2015-09-03 05:03:36 +0000 |
---|---|---|
committer | Timothy Pearson <[email protected]> | 2015-09-03 05:03:36 +0000 |
commit | d21c8923134c61fc9312767cedd76f67898a33e8 (patch) | |
tree | 14446f90d1673da1ab31edefc7f9a4f5ecf964be /cert-updater/main.cpp | |
parent | 75a61a29a31f0dcfceeb964204b50ea00dbc2d58 (diff) | |
Add CRL support
Diffstat (limited to 'cert-updater/main.cpp')
-rw-r--r-- | cert-updater/main.cpp | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/cert-updater/main.cpp b/cert-updater/main.cpp
index 0dc3a27..3466eaf 100644
--- a/cert-updater/main.cpp
+++ b/cert-updater/main.cpp
@@ -90,6 +90,8 @@ int main(int argc, char *argv[])
 force_update = true;
 }
+ bool ca_modified = false;
+
 //======================================================================================================================================================
 //
 // Updater code follows
@@ -174,6 +176,13 @@ int main(int argc, char *argv[])
 if (uploadKerberosCAFileToLDAP(ldap_mgr, &errorstring) != 0) {
 printf("[ERROR] Unable to upload new certificate to LDAP server!\n%s\n", errorstring.ascii()); fflush(stdout);
 }
+
+ // CRL
+ if (ldap_mgr->generatePKICRL(m_certconfig.caExpiryDays, m_realmconfig[m_defaultRealm], &errorstring) != 0) {
+ printf("[ERROR] Unable to generate CRL!\n%s\n", errorstring.ascii()); fflush(stdout);
+ }
+
+ ca_modified = true;
 delete ldap_mgr;
 }
@@ -261,6 +270,9 @@ int main(int argc, char *argv[])
 }
 }
+ if (ca_modified)
+ force_update = true;
+
 // Kerberos
 if (TQFile::exists(kdc_certfile)) {
 certExpiry = LDAPManager::getCertificateExpiration(kdc_certfile); |
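Review bot: A failed `generatePKICRL()` in the `// CRL` block of the second hunk is only printed, and `ca_modified = true` is then set regardless of what either call returned, so the run can finish reporting nothing worse than a log line while the realm has no freshly generated CRL. I would record the failure, for example `crl_failed = true;` inside the error branch, and return a non-zero status at the end of `main`, which lies outside this hunk. The first argument passed is `m_certconfig.caExpiryDays`; if that value becomes the CRL validity period (its meaning is not visible here), relying parties could keep accepting a cached CRL for as long as the CA itself is valid, so a separate and shorter CRL lifetime setting is worth considering. The bare `// CRL` comment could say when the list is regenerated, e.g. `// Regenerate the CRL together with the CA certificate`.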
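Review bot: The new `if (ca_modified)` in the third hunk is written without braces, unlike the braced `if` statements visible elsewhere in this diff, and nothing says why a CA change forces every later certificate check. I would write `if (ca_modified) { force_update = true; }` with a comment such as `// CA was regenerated above: reissue all certificates derived from it`, if that is the intent. The flag is raised only just before the `// Kerberos` section, so any expiry check that runs between the CA block and this point would still see the old `force_update` value; that code is outside the hunks shown, so it is worth confirming nothing there depends on it.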