adding CRLIDP config

2022-11-11 11:50:20 -05:00 · 2022-11-11 11:50:20 -05:00 · c79d4e9316
commit c79d4e9316
parent adad7ef970
2 changed files with 9 additions and 1 deletions
--- a/authority/config/config.go
+++ b/authority/config/config.go
@ -90,6 +90,7 @@ type CRLConfig struct {
 	GenerateOnRevoke bool                  `json:"generateOnRevoke,omitempty"`
 	CacheDuration    *provisioner.Duration `json:"cacheDuration,omitempty"`
 	RenewPeriod      *provisioner.Duration `json:"renewPeriod,omitempty"`
+	IDPurl			 string				   `json:"idpurl"`
 }

 // IsEnabled returns if the CRL is enabled.
--- a/authority/tls.go
+++ b/authority/tls.go
@ -773,10 +773,17 @@ func (a *Authority) GenerateCertificateRevocationList() error {
 		NextUpdate:          now.Add(updateDuration),
 	}

+	// Set CRL IDP to config item, otherwise, leave as default
+	var fullName string
+	if a.config.CRL.IDPurl != "" {
+		fullName = a.config.CRL.IDPurl
+	} else {
+		fullName = a.config.Audience("/1.0/crl")[0]
+	}
+
 	// Add distribution point.
 	//
 	// Note that this is currently using the port 443 by default.
-	fullName := a.config.Audience("/1.0/crl")[0]
 	if b, err := marshalDistributionPoint(fullName, false); err == nil {
 		revocationList.ExtraExtensions = []pkix.Extension{
 			{Id: oidExtensionIssuingDistributionPoint, Value: b},