# File lib/puppet/ssl/certificate_revocation_list.rb, line 55
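# Add a revocation entry for +serial+ to the CRL held in @content, bump the
# crlNumber extension, refresh the validity window, re-sign the CRL with the
# CA key and persist it via +save+.
#
# @param serial the serial number of the certificate to revoke (handed
#   straight to OpenSSL::X509::Revoked#serial=)
# @param cakey the CA private key used to sign the updated CRL
# @param reason the CRLReason code recorded on the entry; defaults to
#   OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE
# @return whatever +save+ returns
def revoke(serial, cakey, reason = OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE)
  time = Time.now

  # Add our revocation to the CRL.
  revoked = OpenSSL::X509::Revoked.new
  revoked.serial = serial
  revoked.time = time
  reason_code = OpenSSL::ASN1::Enumerated(reason)
  revoked.add_extension(OpenSSL::X509::Extension.new("CRLReason", reason_code))
  @content.add_revoked(revoked)

  # Increment the crlNumber. The looked-up extension and the block parameters
  # use distinct names: on interpreters where a block parameter shares scope
  # with an outer local of the same name, reusing the name lets the second
  # iteration overwrite the lookup result, so the new number would be derived
  # from an unrelated extension.
  crl_number_ext = @content.extensions.find { |extension| extension.oid == 'crlNumber' }
  extensions = @content.extensions.reject { |extension| extension.oid == 'crlNumber' }
  next_number = crl_number_ext ? crl_number_ext.value.to_i + 1 : 0
  extensions << OpenSSL::X509::Extension.new("crlNumber", OpenSSL::ASN1::Integer(next_number))
  @content.extensions = extensions

  # Set last/next update
  @content.last_update = time
  # Keep CRL valid for 5 years.
  # NOTE(review): a relying party holding an older copy of this CRL will keep
  # treating it as current until next_update, so timely revocation depends on
  # the new CRL being distributed, not on the old one expiring.
  @content.next_update = time + 5 * 365 * 24 * 60 * 60

  # Sign with SHA-256 rather than SHA-1: SHA-1 is no longer collision
  # resistant, and the revocation list is only as trustworthy as its signature.
  @content.sign(cakey, OpenSSL::Digest::SHA256.new)

  # Log only once the signed CRL has been handed to save, so the notice is
  # never emitted for a revocation that failed to sign or persist.
  result = save
  Puppet.notice "Revoked certificate with serial #{serial}"
  result
end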