From d21c8923134c61fc9312767cedd76f67898a33e8 Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Thu, 3 Sep 2015 05:03:36 +0000
Subject: Add CRL support
---
 cert-updater/main.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'cert-updater/main.cpp')
diff --git a/cert-updater/main.cpp b/cert-updater/main.cpp
index 0dc3a27..3466eaf 100644
--- a/cert-updater/main.cpp
+++ b/cert-updater/main.cpp
@@ -90,6 +90,8 @@ int main(int argc, char *argv[])
 force_update = true;
 }
+ bool ca_modified = false;
+
 //======================================================================================================================================================
 //
 // Updater code follows
@@ -174,6 +176,13 @@ int main(int argc, char *argv[])
 if (uploadKerberosCAFileToLDAP(ldap_mgr, &errorstring) != 0) {
 printf("[ERROR] Unable to upload new certificate to LDAP server!\n%s\n", errorstring.ascii()); fflush(stdout);
 }
+
+ // CRL
+ if (ldap_mgr->generatePKICRL(m_certconfig.caExpiryDays, m_realmconfig[m_defaultRealm], &errorstring) != 0) {
+ printf("[ERROR] Unable to generate CRL!\n%s\n", errorstring.ascii()); fflush(stdout);
+ }
+
+ ca_modified = true;
 delete ldap_mgr;
 }
@@ -261,6 +270,9 @@ int main(int argc, char *argv[])
 }
 }
+ if (ca_modified)
+ force_update = true;
+
 // Kerberos
 if (TQFile::exists(kdc_certfile)) {
 certExpiry = LDAPManager::getCertificateExpiration(kdc_certfile);
-- 
cgit v1.2.1
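Review bot: A failed `generatePKICRL()` call in the added `// CRL` block (second hunk) is only printed, and `ca_modified = true` is then set unconditionally, so the run goes on to force the certificate update under a CA that has no CRL. As far as this hunk shows, the CRL is generated only in the branch that uploads a new CA, so a failure here would presumably not be retried until the next CA rollover; I would record the failure inside the error branch (for example a local `crl_failed = true;`) and have main return a non-zero status so cron or monitoring can see it. The call also passes `m_certconfig.caExpiryDays`; if that argument sets the CRL's validity period, relying parties could treat a CRL as current for as long as the CA itself, which delays revocation, so a separate and shorter CRL lifetime setting would be safer. main's body starts and ends outside the hunk.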
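Review bot: The added `if (ca_modified)` in the third hunk has no braces and no comment saying why a changed CA forces the update, while the other conditionals visible in this diff are braced. I would write `if (ca_modified) { force_update = true; }` preceded by a comment such as `// CA was regenerated above: certificates issued under the old CA must be reissued`; that reading is inferred from the flag name and the Kerberos certificate check that follows, so confirm it. Because the flag is only folded into `force_update` here, any `force_update` test that runs between the CA block and this point would still see the old value; that code is not visible in the diff, and main's body continues outside the hunk.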