adding CRLIDP config

This commit is contained in:
foleyjohnm 2022-11-11 11:50:20 -05:00
parent adad7ef970
commit c79d4e9316
2 changed files with 9 additions and 1 deletions


@ -90,6 +90,7 @@ type CRLConfig struct {
GenerateOnRevoke bool `json:"generateOnRevoke,omitempty"` GenerateOnRevoke bool `json:"generateOnRevoke,omitempty"`
CacheDuration *provisioner.Duration `json:"cacheDuration,omitempty"` CacheDuration *provisioner.Duration `json:"cacheDuration,omitempty"`
RenewPeriod *provisioner.Duration `json:"renewPeriod,omitempty"` RenewPeriod *provisioner.Duration `json:"renewPeriod,omitempty"`
IDPurl string `json:"idpurl"`
} }
// IsEnabled returns if the CRL is enabled. // IsEnabled returns if the CRL is enabled.
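Review bot: The added IDPurl field has no doc comment and, unlike every sibling field in CRLConfig, no `omitempty` in its tag, so an unset value is emitted as `"idpurl":""` whenever the config is marshalled. Suggest `// IDPurl is the Issuing Distribution Point URL written into generated CRLs; when empty the audience-derived /1.0/crl URL is used.` above the field and the tag `json:"idpurl,omitempty"`. Because the value ends up verbatim inside a signed CRL extension, it should also be checked as an absolute URL (e.g. `url.ParseRequestURI`) in whatever validation path CRLConfig has, which is not visible in this hunk.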


@ -773,10 +773,17 @@ func (a *Authority) GenerateCertificateRevocationList() error {
NextUpdate: now.Add(updateDuration), NextUpdate: now.Add(updateDuration),
} }
// Set CRL IDP to config item, otherwise, leave as default
var fullName string
if a.config.CRL.IDPurl != "" {
fullName = a.config.CRL.IDPurl
} else {
fullName = a.config.Audience("/1.0/crl")[0]
}
// Add distribution point. // Add distribution point.
// //
// Note that this is currently using the port 443 by default. // Note that this is currently using the port 443 by default.
fullName := a.config.Audience("/1.0/crl")[0]
if b, err := marshalDistributionPoint(fullName, false); err == nil { if b, err := marshalDistributionPoint(fullName, false); err == nil {
revocationList.ExtraExtensions = []pkix.Extension{ revocationList.ExtraExtensions = []pkix.Extension{
{Id: oidExtensionIssuingDistributionPoint, Value: b}, {Id: oidExtensionIssuingDistributionPoint, Value: b},
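Review bot: The configured IDPurl reaches marshalDistributionPoint after only an empty-string check, so a malformed, relative or whitespace-padded value is signed into every CRL; either reject it at config load or fall back to the audience URL when `url.ParseRequestURI(a.config.CRL.IDPurl)` fails. Because an issuing-distribution-point name restricts the CRL to certificates whose CRL distribution point matches it (RFC 5280 §5.2.5), a wrong value does not merely look odd but makes the CRL unusable for the CA's own certificates at relying parties that enforce that match, which deserves a comment on the new branch such as `// IDPurl must equal the CRL distribution point written into issued certificates.`. The comment `// Note that this is currently using the port 443 by default.` now describes only the fallback branch and should move beside the Audience call. Stylistically the var/if/else can shrink to `fullName := a.config.Audience("/1.0/crl")[0]` followed by `if a.config.CRL.IDPurl != "" { fullName = a.config.CRL.IDPurl }`. GenerateCertificateRevocationList begins and ends outside this hunk.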