aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xdmvpn-ca3
-rw-r--r--dmvpn-ca.conf3
2 files changed, 4 insertions, 2 deletions
diff --git a/dmvpn-ca b/dmvpn-ca
index a507941..7e1b122 100755
--- a/dmvpn-ca
+++ b/dmvpn-ca
@@ -731,7 +731,8 @@ end
function get_crl()
local row = select_one('expires, data', 'crl', nil, 'n')
- return row and row[1] > now and x509crl.new(row[2]) or generate_crl()
+ return row and now < row[1] - config.crl.renewal and x509crl.new(row[2])
+ or generate_crl()
end
diff --git a/dmvpn-ca.conf b/dmvpn-ca.conf
index 15dd39a..ffe6cc6 100644
--- a/dmvpn-ca.conf
+++ b/dmvpn-ca.conf
@@ -18,4 +18,5 @@ hub:
crl:
dist-point: 'http://example.com/dmvpn-ca.crl'
- lifetime: 60
+ lifetime: 90
+ renewal: 30