crypto/x509: add new CRL parser, deprecate old one
Adds a new, cryptobyte based, CRL parser, which returns a
x509.RevocaitonList, rather than a pkix.CertificateList. This allows us
to return much more detailed information, as well as leaving open the
option of adding further information since RevocationList is not a
direct ASN.1 representation like pkix.CertificateList. Additionally
a new method is added to RevocationList, CheckSignatureFrom, which is
analogous to the method with the same name on Certificate, which
properly checks that the signature is from an issuing certiifcate.
This change also deprecates a number of older CRL related functions and
types, which have been replaced with the new functionality introduced
in this change:
* crypto/x509.ParseCRL
* crypto/x509.ParseDERCRL
* crypto/x509.CheckCRLSignature
* crypto/x509/pkix.CertificateList
* crypto/x509/pkix.TBSCertificateList
Fixes #50674
Change-Id: I27dc219e39bef09a396e666b4fccaa32578fd913
Reviewed-on: https://go-review.googlesource.com/c/go/+/390834 Reviewed-by: Damien Neil <dneil@google.com>
Trust: Roland Shoemaker <roland@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>