dmvpn-ca: issue new CRL before expiryv0.4.1

author: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2018-09-01 23:34:06 +0300
committer: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2018-09-01 23:39:55 +0300
commit: a441bae6263c71d514bcecd970f45345bfea2080 (patch)
tree: 879a348dc141b7479921583097743b5e80b93c31
parent: da410f2d0e3a67f1960e08e04142856cb84d5ba0 (diff)
download: dmvpn-tools-a441bae6263c71d514bcecd970f45345bfea2080.tar.bz2
dmvpn-tools-a441bae6263c71d514bcecd970f45345bfea2080.tar.xz
2 files changed, 4 insertions, 2 deletions
diff --git a/dmvpn-ca b/dmvpn-ca
index a507941..7e1b122 100755
--- a/dmvpn-ca
+++ b/dmvpn-ca
@@ -731,7 +731,8 @@ end
 
 function get_crl()
 	local row = select_one('expires, data', 'crl', nil, 'n')
-	return row and row[1] > now and x509crl.new(row[2]) or generate_crl()
+	return row and now < row[1] - config.crl.renewal and x509crl.new(row[2])
+		or generate_crl()
 end
 
 
diff --git a/dmvpn-ca.conf b/dmvpn-ca.conf
index 15dd39a..ffe6cc6 100644
--- a/dmvpn-ca.conf
+++ b/dmvpn-ca.conf
@@ -18,4 +18,5 @@ hub:
 
 crl:
   dist-point: 'http://example.com/dmvpn-ca.crl'
-  lifetime: 60
+  lifetime: 90
+  renewal: 30
author	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2018-09-01 23:34:06 +0300
committer	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2018-09-01 23:39:55 +0300
commit	a441bae6263c71d514bcecd970f45345bfea2080 (patch)
tree	879a348dc141b7479921583097743b5e80b93c31
parent	da410f2d0e3a67f1960e08e04142856cb84d5ba0 (diff)
download	dmvpn-tools-a441bae6263c71d514bcecd970f45345bfea2080.tar.bz2 dmvpn-tools-a441bae6263c71d514bcecd970f45345bfea2080.tar.xz