adding CRLIDP config

foleyjohnm 2022-11-11 11:50:20 -05:00
parent adad7ef970
commit c79d4e9316
2 changed files with 9 additions and 1 deletions


@ -90,6 +90,7 @@ type CRLConfig struct {
GenerateOnRevoke bool `json:"generateOnRevoke,omitempty"`
CacheDuration *provisioner.Duration `json:"cacheDuration,omitempty"`
RenewPeriod *provisioner.Duration `json:"renewPeriod,omitempty"`
IDPurl string `json:"idpurl"`
}
// IsEnabled returns if the CRL is enabled.
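Review bot: The new `IDPurl` field is added without a doc comment or any validation, and its tag `json:"idpurl"` omits `omitempty` where every sibling field has it. The other file in this commit writes the value into the CRL's issuing distribution point, so a typo here ends up in signed output that RFC 5280 validators match against the distribution point named in the certificates. I would document it with `// IDPurl overrides the URL placed in the CRL issuing distribution point; when empty the authority's /1.0/crl audience is used.` and change the tag to `json:"idpurl,omitempty"`. Config validation should also reject a value that does not parse as an absolute URL; the validation code is not visible in this hunk, so confirm where that check belongs.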


@ -773,10 +773,17 @@ func (a *Authority) GenerateCertificateRevocationList() error {
NextUpdate: now.Add(updateDuration),
}
// Set CRL IDP to config item, otherwise, leave as default
var fullName string
if a.config.CRL.IDPurl != "" {
fullName = a.config.CRL.IDPurl
} else {
fullName = a.config.Audience("/1.0/crl")[0]
}
// Add distribution point.
//
// Note that this is currently using the port 443 by default.
fullName := a.config.Audience("/1.0/crl")[0]
if b, err := marshalDistributionPoint(fullName, false); err == nil {
revocationList.ExtraExtensions = []pkix.Extension{
{Id: oidExtensionIssuingDistributionPoint, Value: b},
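Review bot: With `fullName` now coming from operator configuration, the `err == nil` guard on `marshalDistributionPoint` means a value that fails to encode silently yields a CRL with no issuing distribution point at all, and nothing is logged. Whether encoding can fail depends on `marshalDistributionPoint`, which is not shown, but returning the error is safer than publishing a CRL that differs from what was configured: `b, err := marshalDistributionPoint(fullName, false)` followed by `if err != nil { return err }`. The retained comment `// Note that this is currently using the port 443 by default.` is now only true for the fallback branch and should say so. The `if` block and the extension literal close outside this hunk.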