--- /usr/lib/ssl/misc/CA.pl	2014-02-02 17:06:47.000000000 +0100
+++ CA.pl	2014-03-31 18:42:32.786426275 +0200
@@ -33,6 +33,12 @@
 # Steve Henson
 # shenson@bigfoot.com
 
+# 02-Apr-14 dar    Added the option of generating a CRL and revoking 
+#				   certs.
+#
+# Dario
+# darizotas@gmail.com
+
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
@@ -57,6 +63,7 @@ $CATOP="./demoCA";
 $CAKEY="cakey.pem";
 $CAREQ="careq.pem";
 $CACERT="cacert.pem";
+$CACRL="crl.pem";
 
 $DIRMODE = 0777;
 
@@ -64,8 +71,8 @@ $RET = 0;
 
 foreach (@ARGV) {
 	if ( /^(-\?|-h|-help)$/ ) {
-	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-	    print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
+	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify|-crl|-revoke cert-filename [reason]\n";
+	    print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify|-crl|-revoke cert-filename [reason]\n";
 	    exit 0;
 	} elsif (/^-newcert$/) {
 	    # create a certificate
@@ -163,10 +170,27 @@ foreach (@ARGV) {
 		    $RET=$?;
 	    	    exit 0;
 	    }
+	} elsif (/^-crl$/) {
+		system ("$CA -gencrl -out $CATOP/crl/$CACRL");
+		$RET=$?;
+		print "Generated CRL is in $CATOP/crl/$CACRL\n" if (!$RET);
+	} elsif (/^-revoke$/) {
+		my $cname = $ARGV[1];
+		if (!defined $cname) {
+			print "Certificate filename is required.\n";
+			print "Optionally a reason can be provided:unspecified, keyCompromise, CACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold or removeFromCRL";
+			$RET=1;
+		} else {
+			my $reason = $ARGV[2];
+			my $cmd = "$CA -revoke \"$cname\"".(defined $reason? " -crl_reason $reason" : "");
+			system ($cmd);
+			$RET=$?;
+			exit $RET;
+		}
 	} else {
 	    print STDERR "Unknown arg $_\n";
-	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-	    print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
+	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify|-crl|-revoke cert-filename [reason]\n";
+	    print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify|-crl|-revoke cert-filename [reason]\n";
 	    exit 1;
 	}
 }