# File lib/puppet/ssl/certificate_revocation_list.rb, line 55
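# Revoke the certificate with the given serial number and publish the
# updated CRL.
#
# Adds a revocation entry (carrying a CRLReason extension) to @content,
# increments the crlNumber extension, refreshes last_update/next_update,
# re-signs the CRL with +cakey+ and finally calls +save+.
#
# serial:: serial number of the certificate being revoked.
# cakey::  private key used to sign the CRL.
# reason:: reason code stored in the entry's CRLReason extension; defaults
#          to OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE.
#
# Returns whatever +save+ returns. Errors raised while building, signing
# or saving the CRL propagate to the caller.
def revoke(serial, cakey, reason = OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE)
    now = Time.now

    # Add our revocation to the CRL.
    entry = OpenSSL::X509::Revoked.new
    entry.serial = serial
    entry.time = now
    reason_ext = OpenSSL::X509::Extension.new("CRLReason", OpenSSL::ASN1::Enumerated(reason))
    entry.add_extension(reason_ext)
    @content.add_revoked(entry)

    # Increment the crlNumber (starting at 0 when the CRL has none yet).
    # The block parameter deliberately does not reuse a method-local name:
    # on Ruby 1.8 a block parameter shares scope with the enclosing method,
    # so reusing the name would overwrite the extension that was just found.
    numbered, others = @content.extensions.partition { |x| x.oid == 'crlNumber' }
    current = numbered.first
    next_number = current ? current.value.to_i + 1 : 0
    others << OpenSSL::X509::Extension.new("crlNumber", OpenSSL::ASN1::Integer(next_number))
    @content.extensions = others

    # Set last/next update
    @content.last_update = now
    # Keep CRL valid for 5 years.
    # NOTE(review): a relying party holding an older copy of this CRL may
    # keep treating it as current until next_update, so revocations only
    # take effect where the fresh CRL is actually redistributed.
    @content.next_update = now + 5 * 365*24*60*60

    # Sign with SHA-256. SHA-1 is no longer collision resistant and should
    # not back a signature that decides whether a certificate is trusted.
    @content.sign(cakey, OpenSSL::Digest::SHA256.new)

    result = save

    # Log only after the signed CRL has been saved, so the notice never
    # reports a revocation that failed part-way through.
    Puppet.notice "Revoked certificate with serial #{serial}"
    result
end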