From 35edc1766aa5503128b2b051199085c73768996b Mon Sep 17 00:00:00 2001
From: hagop <hagop>
Date: Wed, 5 Mar 2025 17:28:28 +0000
Subject: [PATCH] Add "raw" query parameter for CRL endpoint, allows CFSSL to
 be used as a CRL distribution point

---
 .gitignore     |  1 +
 api/crl/crl.go | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/.gitignore b/.gitignore
index 6b0acf7a0..d5d4ddd81 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ bin
 *.rpm
 test
 .DS_Store
+*.exe
\ No newline at end of file
diff --git a/api/crl/crl.go b/api/crl/crl.go
index c2525c131..5325ed53b 100644
--- a/api/crl/crl.go
+++ b/api/crl/crl.go
@@ -89,5 +89,15 @@ func (h *Handler) Handle(w http.ResponseWriter, r *http.Request) error {
 		return err
 	}
 
+	// Check if a raw/binary format CRL is requested
+	// This allows CFSSL to be used as a CRL Distribution Point
+	isRaw := r.URL.Query().Get("raw") == "true"
+	if isRaw {
+		w.Header().Set("Content-Type", "application/pkix-crl")
+		//w.Header().Set("Content-Disposition", "attachment; filename=revoked.crl")
+		_, err = w.Write(result)
+		return err
+	}
+
 	return api.SendResponse(w, result)
 }