From a441bae6263c71d514bcecd970f45345bfea2080 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Sat, 1 Sep 2018 23:34:06 +0300
Subject: dmvpn-ca: issue new CRL before expiry

---
 dmvpn-ca | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'dmvpn-ca')

diff --git a/dmvpn-ca b/dmvpn-ca
index a507941..7e1b122 100755
--- a/dmvpn-ca
+++ b/dmvpn-ca
@@ -731,7 +731,8 @@ end
 
 function get_crl()
 	local row = select_one('expires, data', 'crl', nil, 'n')
-	return row and row[1] > now and x509crl.new(row[2]) or generate_crl()
+	return row and now < row[1] - config.crl.renewal and x509crl.new(row[2])
+		or generate_crl()
 end
 
 
-- 
cgit v1.2.3