5 files changed, 12 insertions, 8 deletions
diff --git a/src/pluto/crl.c b/src/pluto/crl.c
index 549d0a7f7..01c469626 100644
--- a/src/pluto/crl.c
+++ b/src/pluto/crl.c
@@ -374,7 +374,7 @@ void load_crls(void)
  */
 static crl_reason_t parse_crl_reasonCode(chunk_t object)
 {
-	crl_reason_t reason = REASON_UNSPECIFIED;
+	crl_reason_t reason = CRL_UNSPECIFIED;
 
 	if (*object.ptr == ASN1_ENUMERATED
 	&&  asn1_length(&object) == 1)
@@ -448,7 +448,7 @@ bool parse_x509crl(chunk_t blob, u_int level0, x509crl_t *crl)
 				revokedCert_t *revokedCert = malloc_thing(revokedCert_t);
 				revokedCert->userCertificate = userCertificate;
 				revokedCert->revocationDate = asn1_parse_time(object, level);
-				revokedCert->revocationReason = REASON_UNSPECIFIED;
+				revokedCert->revocationReason = CRL_UNSPECIFIED;
 				revokedCert->next = crl->revokedCertificates;
 				crl->revokedCertificates = revokedCert;
 			}
@@ -519,7 +519,7 @@ check_revocation(const x509crl_t *crl, chunk_t serial
 	revokedCert_t *revokedCert = crl->revokedCertificates;
 
 	*revocationDate = UNDEFINED_TIME;
-	*revocationReason = REASON_UNSPECIFIED;
+	*revocationReason = CRL_UNSPECIFIED;
 	
 	DBG(DBG_CONTROL,
 		DBG_dump_chunk("serial number:", serial)
@@ -594,7 +594,7 @@ verify_by_crl(const x509cert_t *cert, time_t *until, time_t *revocationDate
 	generalName_t *crluri = (ca == NULL)? NULL : ca->crluri;
 
 	*revocationDate = UNDEFINED_TIME;
-	*revocationReason = REASON_UNSPECIFIED;
+	*revocationReason = CRL_UNSPECIFIED;
 
 	lock_crl_list("verify_by_crl");
 	crl = get_x509crl(cert->issuer, cert->authKeySerialNumber, cert->authKeyID);
diff --git a/src/pluto/crl.h b/src/pluto/crl.h
index 90a6586db..dcf039541 100644
--- a/src/pluto/crl.h
+++ b/src/pluto/crl.h
@@ -14,6 +14,8 @@
 
 #include "constants.h"
 
+#include <credentials/certificates/crl.h>
+
 /* access structure for a revoked serial number */
 
 typedef struct revokedCert revokedCert_t;
diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c
index bb9242bdc..70621f843 100644
--- a/src/pluto/ocsp.c
+++ b/src/pluto/ocsp.c
@@ -112,7 +112,7 @@ const single_response_t empty_single_response = {
 	{ NULL, 0 }       , /* serial_number */
 	CERT_UNDEFINED    , /* status */
 	UNDEFINED_TIME    , /* revocationTime */
-	REASON_UNSPECIFIED, /* revocationReason */
+	CRL_UNSPECIFIED   , /* revocationReason */
 	UNDEFINED_TIME    , /* this_update */
 	UNDEFINED_TIME      /* next_update */
 };
@@ -425,7 +425,7 @@ cert_status_t verify_by_ocsp(const x509cert_t *cert, time_t *until,
 	time_t nextUpdate = 0;
 
 	*revocationDate = UNDEFINED_TIME;
-	*revocationReason = REASON_UNSPECIFIED;
+	*revocationReason = CRL_UNSPECIFIED;
 	
 	/* is an ocsp location defined? */
 	if (!build_ocsp_location(cert, &location))
@@ -1292,7 +1292,7 @@ static bool parse_ocsp_single_response(chunk_t blob, int level0,
 			break;
 		case SINGLE_RESPONSE_CERT_STATUS_CRL_REASON:
 			sres->revocationReason = (object.len == 1)
-				? *object.ptr : REASON_UNSPECIFIED;
+				? *object.ptr : CRL_UNSPECIFIED;
 			break;
 		case SINGLE_RESPONSE_CERT_STATUS_UNKNOWN:
 			sres->status = CERT_UNKNOWN;
diff --git a/src/pluto/ocsp.h b/src/pluto/ocsp.h
index d8ee7bd8c..4615e6f76 100644
--- a/src/pluto/ocsp.h
+++ b/src/pluto/ocsp.h
@@ -15,6 +15,8 @@
 
 #include "constants.h"
 
+#include <credentials/certificates/crl.h>
+
 /* constants */
 
 #define OCSP_BASIC_RESPONSE_VERSION     1
diff --git a/src/pluto/x509.c b/src/pluto/x509.c
index 0080add0b..9d3bf89b0 100644
--- a/src/pluto/x509.c
+++ b/src/pluto/x509.c
@@ -1986,7 +1986,7 @@ bool verify_x509cert(const x509cert_t *cert, bool strict, time_t *until)
 		{
 			time_t nextUpdate = *until;
 			time_t revocationDate = UNDEFINED_TIME;
-			crl_reason_t revocationReason = REASON_UNSPECIFIED;
+			crl_reason_t revocationReason = CRL_UNSPECIFIED;
 
 			/* first check certificate revocation using ocsp */
 			cert_status_t status = verify_by_ocsp(cert, &nextUpdate