From 9a77be0040ccce0dc7d3a7778a51d0a541b50bdf Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Thu, 6 Oct 2022 11:23:36 +0200
Subject: [PATCH] System/Trust/Revocation - Fix inconsistent is_crl_internal()
 implementation and make sure we always generate a crl when saved

---
 src/etc/inc/certs.inc         | 2 +-
 src/www/system_crlmanager.php | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc
index 960ca2766..6870cae8e 100644
--- a/src/etc/inc/certs.inc
+++ b/src/etc/inc/certs.inc
@@ -824,7 +824,7 @@ function is_openvpn_server_crl($crlref)
 
 function is_crl_internal($crl)
 {
-    return (!(!empty($crl['text']) && empty($crl['cert'])) || ($crl["crlmethod"] ?? '' == "internal"));
+    return $crl["crlmethod"] ?? '' == "internal";
 }
 
 function cert_get_cn($crt, $isref = false)
diff --git a/src/www/system_crlmanager.php b/src/www/system_crlmanager.php
index 03d11d05d..60033895d 100644
--- a/src/www/system_crlmanager.php
+++ b/src/www/system_crlmanager.php
@@ -235,6 +235,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                 $crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
                 $crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
                 $crl['cert'] = array();
+                crl_update($crl);
             }
 
             if (!isset($id)) {