On 9/27/2012 5:06 PM, Paul Heinlein wrote:
> My guess is that, in most deployments, only the *.crl-verify file will
> need to change during day-to-day operations. Any other change
> (certificate, basic configuration, etc.) would necessitate a restart.
>
> Again, if I'm missing something, I'd be more than happy to be set straight!

Well, I may have spoken a little too hastily; seems I did make a function when I wrote the CRL code called openvpn_refresh_crls() that rewrites just the CRLs if they change. Any time you press 'Save' on the CRL screen, or delete a cert from an active CRL, it will rewrite those files.

So that does work as you describe if you are editing the same CRL that's currently in use. I don't recall if that worked for imported CRLs (I can't remember if you could paste in a new one or if it didn't let you edit an imported CRL); I don't have an imported one handy to test.

So what doesn't work would be making a new CRL and then trying to 'swap' that in rather than just editing the existing CRL.

Jim
