diff options
| author | Adam Langley <agl@golang.org> | 2014-09-29 12:26:51 -0700 |
|---|---|---|
| committer | Adam Langley <agl@golang.org> | 2014-09-29 12:26:51 -0700 |
| commit | 2ecbfbd98ac610ea94d5173eabc3b36cb748fe52 (patch) | |
| tree | 59b30d2379a6bbf347f79cd9075412ae0efed63c /src/crypto | |
| parent | 3d8346ae42b830ca880f50ed27488171e846416c (diff) | |
| download | go-2ecbfbd98ac610ea94d5173eabc3b36cb748fe52.tar.gz | |
crypto/x509: accept CRLs without an expiry.
RFC5280 says that the nextUpdate field is optional.
Fixes issue 8085.
R=bradfitz
CC=golang-codereviews
https://codereview.appspot.com/149770044
Diffstat (limited to 'src/crypto')
| -rw-r--r-- | src/crypto/x509/pkix/pkix.go | 2 | ||||
| -rw-r--r-- | src/crypto/x509/x509_test.go | 11 |
2 files changed, 12 insertions, 1 deletions
diff --git a/src/crypto/x509/pkix/pkix.go b/src/crypto/x509/pkix/pkix.go index 58c1e54d1..8768b7859 100644 --- a/src/crypto/x509/pkix/pkix.go +++ b/src/crypto/x509/pkix/pkix.go @@ -164,7 +164,7 @@ type TBSCertificateList struct { Signature AlgorithmIdentifier Issuer RDNSequence ThisUpdate time.Time - NextUpdate time.Time + NextUpdate time.Time `asn1:"optional"` RevokedCertificates []RevokedCertificate `asn1:"optional"` Extensions []Extension `asn1:"tag:0,optional,explicit"` } diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go index 56f7a9832..abe86216f 100644 --- a/src/crypto/x509/x509_test.go +++ b/src/crypto/x509/x509_test.go @@ -707,6 +707,17 @@ func TestParseDERCRL(t *testing.T) { // Can't check the signature here without a package cycle. } +func TestCRLWithoutExpiry(t *testing.T) { + derBytes := fromBase64("MIHYMIGZMAkGByqGSM44BAMwEjEQMA4GA1UEAxMHQ2FybERTUxcNOTkwODI3MDcwMDAwWjBpMBMCAgDIFw05OTA4MjIwNzAwMDBaMBMCAgDJFw05OTA4MjIwNzAwMDBaMBMCAgDTFw05OTA4MjIwNzAwMDBaMBMCAgDSFw05OTA4MjIwNzAwMDBaMBMCAgDUFw05OTA4MjQwNzAwMDBaMAkGByqGSM44BAMDLwAwLAIUfmVSdjP+NHMX0feW+aDU2G1cfT0CFAJ6W7fVWxjBz4fvftok8yqDnDWh") + certList, err := ParseDERCRL(derBytes) + if err != nil { + t.Fatal(err) + } + if !certList.TBSCertList.NextUpdate.IsZero() { + t.Errorf("NextUpdate is not the zero value") + } +} + func TestParsePEMCRL(t *testing.T) { pemBytes := fromBase64(pemCRLBase64) certList, err := ParseCRL(pemBytes) |