diff -Nur -x '*.orig' -x '*.rej' smeserver-openvpn-s2s-0.1/createlinks mezzanine_patched_smeserver-openvpn-s2s-0.1/createlinks
--- smeserver-openvpn-s2s-0.1/createlinks 2010-10-17 23:38:54.000000000 +0200
+++ mezzanine_patched_smeserver-openvpn-s2s-0.1/createlinks 2010-10-17 23:27:55.000000000 +0200
@@ -11,9 +11,11 @@
 event_link("openvpn-s2s-delete-networks", "openvpn-s2s-update", "10");
 event_link("openvpn-s2s-genconf", "openvpn-s2s-update", "20");
+event_link("openvpn-s2s-update-crl", "openvpn-s2s-update", "30");
 event_link("openvpn-s2s-genconf", "bootstrap-console-save", "80");
 templates2events("/etc/rc.d/init.d/masq", qw/openvpn-s2s-update/);
+templates2events("/etc/crontab", qw/openvpn-s2s-update/);
 panel_link("openvpns2s", 'manager');
diff -Nur -x '*.orig' -x '*.rej' smeserver-openvpn-s2s-0.1/root/etc/e-smith/events/actions/openvpn-s2s-update-crl mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/events/actions/openvpn-s2s-update-crl
--- smeserver-openvpn-s2s-0.1/root/etc/e-smith/events/actions/openvpn-s2s-update-crl 1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/events/actions/openvpn-s2s-update-crl 2010-10-17 23:35:10.000000000 +0200
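Review bot: With `openvpn-s2s-update-crl` linked at priority `30`, the CRL download runs after `openvpn-s2s-genconf` (`20`), and since the `30key` template in this same patch only emits `crl-verify` when `pub/<key>_cacrl.pem` already exists, the first `openvpn-s2s-update` after a `CrlUrl` is configured presumably produces a config without revocation checking until the next event — assuming genconf (or the template-expansion step that runs earlier in the event) is what writes the OpenVPN config, which this hunk does not show. If so, fetch before generating, e.g. `event_link("openvpn-s2s-update-crl", "openvpn-s2s-update", "15");`, or re-expand the config after the fetch. A short comment on the new `templates2events("/etc/crontab", qw/openvpn-s2s-update/);` line would also help the next reader, e.g. `# hourly CRL refresh; see templates/etc/crontab/openvpn-s2s-crl`.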
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+DOMAIN=$(/sbin/e-smith/db configuration get DomainName)
+
+for VPN in $(/sbin/e-smith/db openvpn-s2s keys); do
+ URL=$(/sbin/e-smith/db openvpn-s2s getprop $VPN CrlUrl)
+ AUTH=$(/sbin/e-smith/db openvpn-s2s getprop $VPN Authentication)
+
+ if [ ! -z "$URL" -a "$AUTH" == 'TLS' ]; then
+
+ /usr/bin/wget $URL -O /tmp/cacrl.pem > /dev/null 2>&1
+
+ /usr/bin/openssl crl -inform PEM -in /tmp/cacrl.pem -text > /dev/null 2>&1
+
+ if [ "$?" -eq "0" ]; then
+ /bin/mv -f /tmp/cacrl.pem /etc/openvpn/s2s/pub/"$VPN"_cacrl.pem > /dev/null 2>&1
+ else
+ cat > /tmp/crlmail <> /tmp/crlmail
+ mail -s 'CRL update failed' admin@$DOMAIN < /tmp/crlmail
+ fi
+
+ rm -f /tmp/cacrl.pem
+ rm -f /tmp/crlmail
+ fi
+done
+
diff -Nur -x '*.orig' -x '*.rej' smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/crontab/openvpn-s2s-crl mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/crontab/openvpn-s2s-crl
--- smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/crontab/openvpn-s2s-crl 1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/crontab/openvpn-s2s-crl 2010-10-17 23:38:48.000000000 +0200
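Review bot: The script, which the crontab template in this patch runs hourly as root, writes to fixed names in the shared `/tmp` directory (`wget ... -O /tmp/cacrl.pem`, `cat > /tmp/crlmail`) and then installs the first with `mv -f` into `/etc/openvpn/s2s/pub/`, so a file or symlink that another local user has already placed at those names decides where root writes and what ends up installed as the CRL. The only check before installation is `openssl crl ... -text`, which parses the file but does not verify its signature, so whoever can answer the unauthenticated `wget $URL` request can substitute any well-formed CRL; whether OpenVPN's `crl-verify` later rejects a CRL not signed by the CA depends on the OpenVPN version and is not established by this hunk. Fetch into a private `mktemp -d` directory and verify the CRL against `pub/${VPN}_cacert.pem` before the move, matching on the `verify OK` text rather than the exit status, since older `openssl crl -CAfile` builds report a signature failure without exiting non-zero. The heredoc after `cat > /tmp/crlmail` appears truncated in this rendering, so the mail body was not reviewed.
```shell
WORK=$(mktemp -d /tmp/openvpn-s2s-crl.XXXXXX) || exit 1
trap 'rm -rf "$WORK"' EXIT
# … unchanged: DOMAIN lookup, VPN loop header, URL/AUTH lookups and the "$URL"/"$AUTH" test …
    CRL="$WORK/${VPN}_cacrl.pem"
    CA="/etc/openvpn/s2s/pub/${VPN}_cacert.pem"
    if /usr/bin/wget -q "$URL" -O "$CRL" &&
       /usr/bin/openssl crl -inform PEM -in "$CRL" -CAfile "$CA" -noout 2>&1 |
       grep -q 'verify OK'; then
      /bin/mv -f "$CRL" /etc/openvpn/s2s/pub/"$VPN"_cacrl.pem
    else
      # … unchanged: failure mail, written to "$WORK/crlmail" instead of /tmp …
    fi
# … unchanged: rest of the loop; the per-VPN rm -f lines become unnecessary …
```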
@@ -0,0 +1,15 @@
+{
+if ((${'openvpn-s2s'}{'status'} || 'disabled') eq 'enabled'){
+ $OUT .=<<"HERE";
+# Update OpenVPN Site To Site CRLs
+10 * * * * root /etc/e-smith/events/actions/openvpn-s2s-update-crl 2>&1 /dev/null
+
+HERE
+else{
+ $OUT .=<<"HERE";
+# OpenVPN Site to Site service is disabled
+# CRL updates are not running
+
+HERE
+}
+}
diff -Nur -x '*.orig' -x '*.rej' smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key
--- smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key 2010-10-17 23:38:54.000000000 +0200
+++ mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/openvpn/s2s/openvpn-s2s.conf/30key 2010-10-17 23:23:40.000000000 +0200
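Review bot: `2>&1 /dev/null` on the new cron line does not discard anything: `2>&1` only joins stderr to stdout, and `/dev/null` is then passed to `openvpn-s2s-update-crl` as a positional argument, so whatever the script prints (which cron typically mails to the crontab owner) still escapes, and the intended form was presumably `> /dev/null 2>&1`. Change the line to `10 * * * * root /etc/e-smith/events/actions/openvpn-s2s-update-crl > /dev/null 2>&1`. The action script in this patch ignores its arguments, so the stray `/dev/null` is otherwise harmless. A one-line comment saying why an hourly entry exists at all, e.g. `# the update event only fetches CRLs when it runs; this keeps them current in between`, would help the next reader.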
@@ -8,23 +8,29 @@
 }
 elsif ($auth eq 'TLS'){
 if ($type eq 'server'){
- $OUT .= "tls-server\n";
- $OUT .= "ca pub/$key" . "_cacert.pem\n";
- $OUT .= "cert pub/$key" . "_cert.pem\n";
- $OUT .= "key priv/$key" . "_key.pem\n";
- $OUT .= "dh pub/$key" . "_dh.pem\n";
- $OUT .= "tls-auth priv/$key" . "_sharedkey.pem 0\n"
+ $OUT .= "tls-server\n";
+ $OUT .= "ca pub/$key" . "_cacert.pem\n";
+ $OUT .= "cert pub/$key" . "_cert.pem\n";
+ $OUT .= "key priv/$key" . "_key.pem\n";
+ $OUT .= "dh pub/$key" . "_dh.pem\n";
+ $OUT .= "tls-auth priv/$key" . "_sharedkey.pem 0\n"
 if ( -e "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' ) && ( ! -z "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' );
+ $OUT .= "crl-verify pub/$key" . "_cacrl.pem\n"
+ if ( -e "/etc/openvpn/s2s/pub/$key".'_cacrl.pem' ) &&
+ ( ! -z "/etc/openvpn/s2s/pub/$key".'_cacrl.pem' );
 }
 else{
- $OUT .= "tls-client\n";
- $OUT .= "ca pub/$key" . "_cacert.pem\n";
- $OUT .= "cert pub/$key" . "_cert.pem\n";
- $OUT .= "key priv/$key" . "_key.pem\n";
- $OUT .= "tls-auth priv/$key" . "_sharedkey.pem 1\n"
+ $OUT .= "tls-client\n";
+ $OUT .= "ca pub/$key" . "_cacert.pem\n";
+ $OUT .= "cert pub/$key" . "_cert.pem\n";
+ $OUT .= "key priv/$key" . "_key.pem\n";
+ $OUT .= "tls-auth priv/$key" . "_sharedkey.pem 1\n"
 if ( -e "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' ) && ( ! -z "/etc/openvpn/s2s/priv/$key".'_sharedkey.pem' );
+ $OUT .= "crl-verify pub/$key" . "_cacrl.pem\n"
+ if ( -e "/etc/openvpn/s2s/pub/$key".'_cacrl.pem' ) &&
+ ( ! -z "/etc/openvpn/s2s/pub/$key".'_cacrl.pem' );
 }
 }
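Review bot: The new `crl-verify` lines are silently skipped when `pub/<key>_cacrl.pem` is missing or empty, so a VPN whose CRL has never been fetched (or was removed) runs with no revocation checking and nothing in the generated config says so; this applies to both the `server` and the `client` branch. Make the fall-back visible, e.g. emit `$OUT .= "# crl-verify omitted: pub/${key}_cacrl.pem missing or empty\n";` in the other case, so an operator reading the config can tell revocation checking is off. The two branches now carry the same three-line `crl-verify` stanza twice, and re-indenting the unchanged `$OUT .=` lines makes the hunk larger than the change itself — hoisting the shared stanza after the `if`/`else` would shrink both. The `elsif ($auth eq 'TLS')` chain this belongs to starts before the hunk.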