1 files changed, 8 insertions, 6 deletions

diff --git a/src/pluto/crl.c b/src/pluto/crl.c
index 84fe77554..c8fb107d5 100644
--- a/src/pluto/crl.c
+++ b/src/pluto/crl.c
@@ -159,7 +159,7 @@ bool insert_crl(x509crl_t *x509crl, char *crl_uri, bool cache_crl)
 	{
 		certificate_t *old_cert_crl = oldcrl->crl;
 
-		if (cert_crl->is_newer(cert_crl, old_cert_crl))
+		if (crl_is_newer((crl_t*)cert_crl, (crl_t*)old_cert_crl))
 		{
 			/* keep any known CRL distribution points */
 			add_distribution_points(x509crl->distributionPoints,
@@ -202,9 +202,11 @@ bool insert_crl(x509crl_t *x509crl, char *crl_uri, bool cache_crl)
 		snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_PATH, hex);
 		free(hex.ptr);
 
-		encoding = cert_crl->get_encoding(cert_crl);
-		chunk_write(encoding, buf, "crl", 022, TRUE);
-		free(encoding.ptr);
+		if (cert_crl->get_encoding(cert_crl, CERT_ASN1_DER, &encoding))
+		{
+			chunk_write(encoding, buf, "crl", 022, TRUE);
+			free(encoding.ptr);
+		}
 	}
 
 	/* is the fetched crl valid? */
@@ -313,7 +315,7 @@ void check_crls(void)
 		certificate_t *cert_crl = x509crl->crl;
 		crl_t *crl = (crl_t*)cert_crl;
 		identification_t *issuer = cert_crl->get_issuer(cert_crl);
-		chunk_t authKeyID = crl->get_authKeyIdentifier(crl);		
+		chunk_t authKeyID = crl->get_authKeyIdentifier(crl);
 
 		cert_crl->get_validity(cert_crl, &now, NULL, &nextUpdate);
 		time_left = nextUpdate - now;
@@ -353,7 +355,7 @@ cert_status_t verify_by_crl(cert_t *cert, time_t *until, time_t *revocationDate,
 	char *point;
 
 	ca = get_ca_info(issuer, authKeyID);
-	
+
 	*revocationDate = UNDEFINED_TIME;
 	*revocationReason = CRL_REASON_UNSPECIFIED;