From c79d4e931602ac2bb6e2c3ca2cd2ce54b5e6fb9d Mon Sep 17 00:00:00 2001
From: foleyjohnm
Date: Fri, 11 Nov 2022 11:50:20 -0500
Subject: [PATCH 1/4] adding CRLIDP config

---
 authority/config/config.go | 1 +
 authority/tls.go | 9 ++++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/authority/config/config.go b/authority/config/config.go
index f58a3354..935565d0 100644
--- a/authority/config/config.go
+++ b/authority/config/config.go
@@ -90,6 +90,7 @@ type CRLConfig struct {
 GenerateOnRevoke bool `json:"generateOnRevoke,omitempty"`
 CacheDuration *provisioner.Duration `json:"cacheDuration,omitempty"`
 RenewPeriod *provisioner.Duration `json:"renewPeriod,omitempty"`
+ IDPurl string `json:"idpurl"`
 }
 
 // IsEnabled returns if the CRL is enabled.
diff --git a/authority/tls.go b/authority/tls.go
index 11c61b9e..e64bb5fa 100644
--- a/authority/tls.go
+++ b/authority/tls.go
@@ -773,10 +773,17 @@ func (a *Authority) GenerateCertificateRevocationList() error {
 NextUpdate: now.Add(updateDuration),
 }
 
+ // Set CRL IDP to config item, otherwise, leave as default
+ var fullName string
+ if a.config.CRL.IDPurl != "" {
+ fullName = a.config.CRL.IDPurl
+ } else {
+ fullName = a.config.Audience("/1.0/crl")[0]
+ }
+
 // Add distribution point.
 //
 // Note that this is currently using the port 443 by default.
- fullName := a.config.Audience("/1.0/crl")[0]
 if b, err := marshalDistributionPoint(fullName, false); err == nil {
 revocationList.ExtraExtensions = []pkix.Extension{
 {Id: oidExtensionIssuingDistributionPoint, Value: b},
From d6f9b3336d9b1dd30753a53421a4bbf69a95cb24 Mon Sep 17 00:00:00 2001
From: foleyjohnm
Date: Fri, 11 Nov 2022 11:52:29 -0500
Subject: [PATCH 2/4] Update config.go

---
 authority/config/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/authority/config/config.go b/authority/config/config.go
index 935565d0..b13b3e36 100644
--- a/authority/config/config.go
+++ b/authority/config/config.go
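Review bot: The new field `IDPurl` breaks the initialism convention the surrounding names follow (`CRLConfig`, `GenerateOnRevoke`); Go style would spell it `IDPURL`, and because it is exported and the follow-up patches 2/4–4/4 only change the JSON tag, the Go name is what callers will keep using. It also has no doc comment, although it controls what ends up in a critical CRL extension; suggest `// IDPurl overrides the URL written into the CRL's Issuing Distribution Point extension; when empty the CA's /1.0/crl audience is used.` so an operator can tell what a wrong value affects.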
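Review bot: The configured `a.config.CRL.IDPurl` is copied into the Issuing Distribution Point extension with no check beyond non-emptiness, so a typo or a relative path in the config silently yields a CRL whose IDP name will not match the CRL distribution point in issued certificates, and RFC 5280 CRL processing then rejects the CRL rather than the misconfiguration being surfaced. Validate it where CRLConfig is validated (outside this patch), or at least here: `if _, err := url.ParseRequestURI(a.config.CRL.IDPurl); err != nil { return fmt.Errorf("parsing CRL IDPurl: %w", err) }`. As a matter of style the var/if/else can be the usual three-line form `fullName := a.config.CRL.IDPurl` / `if fullName == "" {` / `fullName = a.config.Audience("/1.0/crl")[0] }`, and the comment would read better as `// Use the configured IDP URL, falling back to the CA's own CRL endpoint.`. If `a.config.CRL` is a pointer it is presumably non-nil by this point since a CRL is already being built, but that is not visible in the hunk. GenerateCertificateRevocationList starts and ends outside the hunk.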
@@ -90,7 +90,7 @@ type CRLConfig struct {
 GenerateOnRevoke bool `json:"generateOnRevoke,omitempty"`
 CacheDuration *provisioner.Duration `json:"cacheDuration,omitempty"`
 RenewPeriod *provisioner.Duration `json:"renewPeriod,omitempty"`
- IDPurl string `json:"idpurl"`
+ IDPurl string `json:"idpurl"`
 }
 
 // IsEnabled returns if the CRL is enabled.
From be4cd17b40d9a7bdbc24e6ed37160dc895b6f3a8 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Tue, 29 Nov 2022 12:23:02 -0800
Subject: [PATCH 3/4] Add omit empty to IDPurl

---
 authority/config/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/authority/config/config.go b/authority/config/config.go
index b13b3e36..bd61369e 100644
--- a/authority/config/config.go
+++ b/authority/config/config.go
@@ -90,7 +90,7 @@ type CRLConfig struct {
 GenerateOnRevoke bool `json:"generateOnRevoke,omitempty"`
 CacheDuration *provisioner.Duration `json:"cacheDuration,omitempty"`
 RenewPeriod *provisioner.Duration `json:"renewPeriod,omitempty"`
- IDPurl string `json:"idpurl"`
+ IDPurl string `json:"idpurl,omitempty"`
 }
 
 // IsEnabled returns if the CRL is enabled.
From 002a05880724e4310cc565de9f05e9a71c990c77 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Wed, 30 Nov 2022 11:07:07 -0800
Subject: [PATCH 4/4] Use idpURL in json

---
 authority/config/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/authority/config/config.go b/authority/config/config.go
index bd61369e..556f5407 100644
--- a/authority/config/config.go
+++ b/authority/config/config.go
@@ -90,7 +90,7 @@ type CRLConfig struct {
 GenerateOnRevoke bool `json:"generateOnRevoke,omitempty"`
 CacheDuration *provisioner.Duration `json:"cacheDuration,omitempty"`
 RenewPeriod *provisioner.Duration `json:"renewPeriod,omitempty"`
- IDPurl string `json:"idpurl,omitempty"`
+ IDPurl string `json:"idpURL,omitempty"`
 }
 
 // IsEnabled returns if the CRL is enabled.