mirror of
https://github.com/outbackdingo/labca.git
synced 2026-01-27 10:19:34 +00:00
44 lines
1.6 KiB
Diff
44 lines
1.6 KiB
Diff
diff --git a/ca/crl.go b/ca/crl.go
|
|
index adb311f1..88dcdc71 100644
|
|
--- a/ca/crl.go
|
|
+++ b/ca/crl.go
|
|
@@ -117,7 +117,7 @@ func (ci *crlImpl) GenerateCRL(stream capb.CRLGenerator_GenerateCRLServer) error
|
|
}
|
|
|
|
// Add the Issuing Distribution Point extension.
|
|
- idp, err := makeIDPExt(ci.idpBase, issuer.Cert.NameID(), shard)
|
|
+ idp, err := makeIDPExt(ci.idpBase, issuer.Cert.NameID())
|
|
if err != nil {
|
|
return fmt.Errorf("creating IDP extension: %w", err)
|
|
}
|
|
@@ -146,8 +146,10 @@ func (ci *crlImpl) GenerateCRL(stream capb.CRLGenerator_GenerateCRLServer) error
|
|
builder = strings.Builder{}
|
|
}
|
|
}
|
|
- fmt.Fprint(&builder, "]")
|
|
- ci.log.AuditInfo(builder.String())
|
|
+ if builder.Len() > 0 {
|
|
+ fmt.Fprint(&builder, "]")
|
|
+ ci.log.AuditInfo(builder.String())
|
|
+ }
|
|
}
|
|
|
|
template.RevokedCertificateEntries = rcs
|
|
@@ -246,14 +248,14 @@ type issuingDistributionPoint struct {
|
|
// makeIDPExt returns a critical IssuingDistributionPoint extension containing a
|
|
// URI built from the base url, the issuer's NameID, and the shard number. It
|
|
// also sets the OnlyContainsUserCerts boolean to true.
|
|
-func makeIDPExt(base string, issuer issuance.IssuerNameID, shardIdx int64) (*pkix.Extension, error) {
|
|
+func makeIDPExt(base string, issuer issuance.IssuerNameID) (*pkix.Extension, error) {
|
|
val := issuingDistributionPoint{
|
|
DistributionPoint: distributionPointName{
|
|
[]asn1.RawValue{ // GeneralNames
|
|
{ // GeneralName
|
|
Class: 2, // context-specific
|
|
Tag: 6, // uniformResourceIdentifier, IA5String
|
|
- Bytes: []byte(fmt.Sprintf("%s/%d/%d.crl", base, issuer, shardIdx)),
|
|
+ Bytes: []byte(fmt.Sprintf("%s/%d.crl", base, issuer)),
|
|
},
|
|
},
|
|
},
|