Mark the IDP critical in the generated CRL data.

Trying to get CRL to work in my environment, I've been reading up on [RFC5280](https://www.rfc-editor.org/rfc/rfc5280#section-5.2.5) ... and the IDP to be marked as `Critical`. I hope I'm correct and that my understanding on how to mark the IDP is critical.
Looking at e.g. `3470b1ec57/x509util/extensions_test.go (L48)` makes me think so.

---

Hopefully the above change - if accepted - can get CRLs to work in my environment. If not, we're at least one step closer.
LarsBingBong 2023-02-24 20:32:49 +01:00 committed by GitHub
parent 176cf30a6f
commit 0d5c40e059
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -786,7 +786,7 @@ func (a *Authority) GenerateCertificateRevocationList() error {
// Note that this is currently using the port 443 by default.
if b, err := marshalDistributionPoint(fullName, false); err == nil {
revocationList.ExtraExtensions = []pkix.Extension{
{Id: oidExtensionIssuingDistributionPoint, Value: b},
{Id: oidExtensionIssuingDistributionPoint, Critical: true, Value: b},
}
}
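
Review bot: The `err == nil` guard around the changed line drops a `marshalDistributionPoint` failure silently, so a CRL can still be issued with no IDP extension at all, and nothing in this hunk tests the new flag. Setting `Critical: true` matches RFC 5280 section 5.2.5, which defines the issuing distribution point as a critical CRL extension, but the error path should return or log the failure rather than skip the extension. Please also add a test that parses the generated CRL and asserts that the extension with `oidExtensionIssuingDistributionPoint` has `Critical` set. Since relying parties that do not process IDP handle a CRL differently once the extension is critical, the behavior change should be noted in the changelog.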