Commit ba3bb012 authored by Gary Wong's avatar Gary Wong

Don't put expired certificates in the CRL. They'll be rejected anyway,

so we might as well avoid cluttering up the list forever.
parent c3a7ee9b
...@@ -145,7 +145,8 @@ my $query_result = ...@@ -145,7 +145,8 @@ my $query_result =
DBQueryWarn("select idx,DN,UNIX_TIMESTAMP(created), ". DBQueryWarn("select idx,DN,UNIX_TIMESTAMP(created), ".
" UNIX_TIMESTAMP(revoked) ". " UNIX_TIMESTAMP(revoked) ".
" from user_sslcerts ". " from user_sslcerts ".
"where encrypted=1 and revoked is not null"); "where encrypted=1 and revoked is not null ".
"and expires > NOW()");
if (!$query_result) { if (!$query_result) {
fatal("Could not get the crl list from the DB"); fatal("Could not get the crl list from the DB");
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment