crypto/x509: Correction of incrorrect default version number in TBSCertificateList...
authorPaul van Brouwershaven <paul@vanbrouwershaven.com>
Mon, 5 Jan 2015 11:27:40 +0000 (11:27 +0000)
committerAdam Langley <agl@golang.org>
Mon, 12 Jan 2015 22:09:50 +0000 (22:09 +0000)
RFC5280 states:

"This optional field describes the version of the encoded CRL.  When
 extensions are used, as required by this profile, this field MUST be
 present and MUST specify version 2 (the integer value is 1)."

This CL has been discussed at: http://golang.org/cl/172560043

Change-Id: I8a72d7593d5ca6714abe9abd6a37437c3b69ab0f
Reviewed-on: https://go-review.googlesource.com/2259
Reviewed-by: Adam Langley <agl@golang.org>
src/crypto/x509/pkix/pkix.go
src/crypto/x509/x509.go

index 8768b785908a0a4f93c1a5f0b79b6ff53a2dd616..0589264b54ea9d9de4819d674be1bdb240297eba 100644 (file)
@@ -160,7 +160,7 @@ func (certList *CertificateList) HasExpired(now time.Time) bool {
 // 5280, section 5.1.
 type TBSCertificateList struct {
        Raw                 asn1.RawContent
-       Version             int `asn1:"optional,default:2"`
+       Version             int `asn1:"optional,default:1"`
        Signature           AlgorithmIdentifier
        Issuer              RDNSequence
        ThisUpdate          time.Time
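Review bot: The new tag `asn1:"optional,default:1"` on `Version` makes 1 the value encoding/asn1 assumes when the field is absent, and on marshal an optional field equal to its default is omitted. CreateCRL in x509.go (second hunk) now sets `Version: 1`, so the version INTEGER would most likely be dropped from the encoded TBSCertList, contrary to the "MUST be present" text quoted in the commit message; relying parties may then treat the CRL as v1 and reject or ignore its extensions. On the parsing side, a v1 CRL with no version field would be reported as Version 1. RFC 5280 declares the field OPTIONAL with no DEFAULT (absent means v1, integer 0), so the tag should probably be `asn1:"optional,default:0"`, keeping `Version: 1` in CreateCRL. A round-trip test that parses CreateCRL output and checks the version field is present would pin this; the struct and the CreateCRL body both continue outside the hunks shown.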
index c267a29740ccc133f7cc76ac65962aca4783070f..3fa5b3d7571c29dbdaf6a939b222272f9b6ac3fb 100644 (file)
@@ -1575,7 +1575,7 @@ func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts [
                return nil, errors.New("x509: non-RSA private keys not supported")
        }
        tbsCertList := pkix.TBSCertificateList{
-               Version: 2,
+               Version: 1,
                Signature: pkix.AlgorithmIdentifier{
                        Algorithm: oidSignatureSHA1WithRSA,
                },