-rw-r--r--myrpki/myrpki.conf13
-rw-r--r--myrpki/myrpki.py23
2 files changed, 32 insertions, 4 deletions
diff --git a/myrpki/myrpki.conf b/myrpki/myrpki.conf
index 473042fa..e66364c2 100644
--- a/myrpki/myrpki.conf
+++ b/myrpki/myrpki.conf
@@ -16,6 +16,8 @@ bpki_ca_certificate = bpki-ca-cert.pem
bpki_ca_key = bpki-ca-key.pem
bpki_ee_certificate = bpki-ee-cert.pem
bpki_ee_pkcs10 = bpki-ee-pkcs10.pem
+bpki_crl = bpki-crl.pem
+bpki_index = bpki-ca-index.idx
output_filename = myrpki.xml
relaxng_schema = myrpki.rng
@@ -34,3 +36,14 @@ CN = wombat
basicConstraints = critical,CA:true
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
+
+[ca]
+default_ca = ca_default
+
+[ca_default]
+
+database = ${myrpki::bpki_index}
+certificate = ${myrpki::bpki_ca_certificate}
+private_key = ${myrpki::bpki_ca_key}
+default_crl_days = 365
+default_md = sha256
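Review bot: `default_crl_days = 365` in `[ca_default]` puts the BPKI CRL's nextUpdate a year out, and the `if not os.path.exists(bpki_crl_file)` guard added to `bpki_crl` in myrpki.py means the CRL is issued once and never re-issued. As written, a certificate later marked revoked in the index file would not show up in the CRL that gets embedded in the output, and a consumer that enforces nextUpdate would presumably treat the CRL as expired after a year. I would shorten the lifetime, for example `default_crl_days = 30` (chosen to match how often myrpki is expected to run), and regenerate the CRL on every run instead of only when the file is missing.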
diff --git a/myrpki/myrpki.py b/myrpki/myrpki.py
index 79fb6239..a5225a65 100644
--- a/myrpki/myrpki.py
+++ b/myrpki/myrpki.py
@@ -150,7 +150,7 @@ def bpki_ca(e, bpki_ca_key_file, bpki_ca_cert_file, cfg_file):
"2048"))
if not os.path.exists(bpki_ca_cert_file):
- subprocess.check_call(("openssl", "req", "-new", "-sha256", "-x509",
+ subprocess.check_call(("openssl", "req", "-new", "-sha256", "-x509", "-verbose",
"-config", cfg_file,
"-extensions", "req_x509_ext",
"-key", bpki_ca_key_file,
@@ -172,9 +172,19 @@ def bpki_ee(e, bpki_ee_req_file, bpki_ee_cert_file, bpki_ca_cert_file, bpki_ca_k
PEMElement(e, "bpki_ee_certificate", bpki_ee_cert_file)
-def bpki_crl(e):
- pass
+def bpki_crl(e, bpki_crl_file, bpki_index_file, cfg_file):
+
+ if not os.path.exists(bpki_crl_file):
+
+ if not os.path.exists(bpki_index_file):
+ open(bpki_index_file, "w").close()
+
+ subprocess.check_call(("openssl", "ca", "-batch", "-verbose", "-gencrl",
+ "-out", bpki_crl_file,
+ "-config", cfg_file))
+ PEMElement(e, "bpki_crl", bpki_crl_file)
+
def extract_resources():
pass
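Review bot: `openssl ca -gencrl` writes directly to `bpki_crl_file`, so if the command fails after the output file has been created, the next run's `os.path.exists(bpki_crl_file)` check could accept a truncated CRL as finished. I have not confirmed that openssl leaves a partial file behind, but main() already protects its own output with a `.tmp` file plus `os.rename`, and the same pattern fits here: pass `"-out", bpki_crl_file + ".tmp",` and call `os.rename(bpki_crl_file + ".tmp", bpki_crl_file)` once `check_call` returns. Indentation is lost in this view, so I cannot tell whether the `PEMElement` call sits inside the guard or runs on every call.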
@@ -205,6 +215,8 @@ def main():
bpki_ca_key_file = cfg.get(myrpki_section, "bpki_ca_key")
bpki_ee_cert_file = cfg.get(myrpki_section, "bpki_ee_certificate")
bpki_ee_req_file = cfg.get(myrpki_section, "bpki_ee_pkcs10")
+ bpki_crl_file = cfg.get(myrpki_section, "bpki_crl")
+ bpki_index_file = cfg.get(myrpki_section, "bpki_index")
output_filename = cfg.get(myrpki_section, "output_filename")
relaxng_schema = cfg.get(myrpki_section, "relaxng_schema")
@@ -223,7 +235,10 @@ def main():
bpki_ee_cert_file = bpki_ee_cert_file,
bpki_ca_cert_file = bpki_ca_cert_file,
bpki_ca_key_file = bpki_ca_key_file)
- bpki_crl(e)
+ bpki_crl(e,
+ bpki_crl_file = bpki_crl_file,
+ bpki_index_file = bpki_index_file,
+ cfg_file = cfg_file)
ElementTree(e).write(output_filename + ".tmp")
os.rename(output_filename + ".tmp", output_filename)