Using gnoMint to generate self-signed certificates.
The CA is using a URL for CRL distribution, and the time between URL updates is set to 1 hour.
The URL is a Dropbox URL.
I save the CRL file in my local folder and Dropbox synchronizes the file.
Tested with wget that the URL is working.
Checking the certificate, I see that it has the CRL at the expected URL.
Using OpenVPN site-to-site with TLS without a CRL file, expecting that the URL inside the certificate would be used. VyOS is passive and Vyatta is active.
The certificate at the active end is revoked; I obtained a new CRL file and saved it to the local Dropbox folder, replacing the old file. Dropbox synchronizes the file.
Fired up a ping against the Vyatta from the VyOS side.
One hour later and the ping is still working. Nothing happens.
Conclusion: the CRL distribution URL is not used by OpenVPN in Vyatta/VyOS.
Has somebody read about this?
http://www.vyatta.org/node/4408 is related.
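A reproducible version of the experiment above, as an added example that is not part of the original post and is not Vyatta, VyOS or OpenVPN code. It uses openssl to build a throwaway CA, issues a certificate carrying a constructed CRL Distribution Point URL (http://example.invalid/ca.crl, a placeholder), revokes it, and compares verification with and without a local CRL file. That comparison is what OpenVPN does: its `crl-verify` directive reads a CRL file on the local filesystem and the CDP URL in the certificate is never fetched, so a revoked peer keeps its tunnel until the CRL file is copied to the endpoint and named in the configuration. The script assumes `openssl` (1.1.1 or newer, for `-addext`) and `mktemp` are available; all paths live under a temporary directory it creates.

```shell
#!/bin/sh
# Added example, not from the original post or from Vyatta/VyOS/OpenVPN.
# Assumes: openssl 1.1.1+ (for -addext) and mktemp are on PATH.
# The CDP URL is a constructed placeholder, not a real distribution point.

WORK="$(mktemp -d)"
CDP_URL="http://example.invalid/ca.crl"

# Minimal config for 'openssl req' and 'openssl ca', with a client extension
# section that embeds the CDP URL in crlDistributionPoints.
write_config() {
  cat > "$WORK/ca.cnf" <<EOF
[ req ]
distinguished_name = req_dn
[ req_dn ]
[ ca ]
default_ca = demo_ca
[ demo_ca ]
dir = $WORK
database = $WORK/index.txt
new_certs_dir = $WORK/newcerts
serial = $WORK/serial
crlnumber = $WORK/crlnumber
certificate = $WORK/ca.crt
private_key = $WORK/ca.key
default_md = sha256
default_days = 365
default_crl_days = 1
policy = demo_policy
[ demo_policy ]
commonName = supplied
[ client_ext ]
crlDistributionPoints = URI:$CDP_URL
EOF
}

# Build the throwaway CA database, the CA certificate, and one client
# certificate (standing in for the active Vyatta end) that carries the CDP URL.
setup_ca() {
  mkdir -p "$WORK/newcerts" &&
  : > "$WORK/index.txt" &&
  echo 1000 > "$WORK/serial" &&
  echo 1000 > "$WORK/crlnumber" &&
  write_config &&
  openssl req -config "$WORK/ca.cnf" -x509 -newkey rsa:2048 -nodes \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" -days 365 -subj "/CN=Demo CA" \
    -addext "basicConstraints=critical,CA:TRUE" >/dev/null 2>&1 &&
  openssl req -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
    -keyout "$WORK/client.key" -out "$WORK/client.csr" \
    -subj "/CN=vyatta-active" >/dev/null 2>&1 &&
  openssl ca -batch -notext -config "$WORK/ca.cnf" -extensions client_ext \
    -in "$WORK/client.csr" -out "$WORK/client.crt" >/dev/null 2>&1
}

# Revoke the client certificate and publish a fresh CRL (the file the post
# saved to the Dropbox folder).
revoke_and_issue_crl() {
  openssl ca -batch -config "$WORK/ca.cnf" -revoke "$WORK/client.crt" >/dev/null 2>&1 &&
  openssl ca -batch -config "$WORK/ca.cnf" -gencrl -out "$WORK/ca.crl" >/dev/null 2>&1
}

# Print the CDP URL carried by the certificate (the URL the post expected
# OpenVPN to fetch).
cdp_url() {
  openssl x509 -in "$WORK/client.crt" -noout -text | sed -n 's/.*URI:\(.*\)/\1/p'
}

# Confirm the CRL actually lists the client certificate's serial: the file you
# distribute must contain the revocation before any peer can act on it.
crl_lists_client_serial() {
  serial="$(openssl x509 -in "$WORK/client.crt" -noout -serial | sed 's/^serial=//')"
  openssl crl -in "$WORK/ca.crl" -noout -text | grep -q "Serial Number: $serial"
}

# A peer holding only the CA certificate (OpenVPN without 'crl-verify'):
# no CRL is consulted, so the revoked certificate still verifies. Returns 0.
verify_without_crl() {
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/client.crt" >/dev/null 2>&1
}

# A peer given the CRL file locally (OpenVPN with 'crl-verify ca.crl'):
# the revocation is honoured and verification fails. Returns non-zero.
verify_with_local_crl() {
  openssl verify -crl_check -CAfile "$WORK/ca.crt" -CRLfile "$WORK/ca.crl" \
    "$WORK/client.crt" >/dev/null 2>&1
}
```

Run `setup_ca`, then `revoke_and_issue_crl`, then compare `verify_without_crl` (succeeds, which is the behaviour the post observed) against `verify_with_local_crl` (fails, as intended). The practical consequence for the site-to-site setup in the post is that the synced CRL file has to be referenced by `crl-verify` on each endpoint; the URL in the certificate alone does not cause OpenVPN to consult it.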