crypto/x509: unwrap Subject Key Identifier

RFC 5280, 4.2.1.2 says:
  SubjectKeyIdentifier ::= KeyIdentifier
  KeyIdentifier ::= OCTET STRING

Previously, we were failing to unwrap the second level of OCTET STRING
encoding.

Fixes #993.

R=rsc
CC=golang-dev
https://golang.org/cl/1917044

diff --git a/src/pkg/crypto/x509/x509.go b/src/pkg/crypto/x509/x509.go
index 728116850fbcd152d6858019f93a6d006c55bd95..e4a05d3ef0976c86395f6b76091f1d6f44120d80 100644 (file)
--- a/src/pkg/crypto/x509/x509.go
+++ b/src/pkg/crypto/x509/x509.go
@@ -610,7 +610,12 @@ func parseCertificate(in *certificate) (*Certificate, os.Error) {
 
                        case 14:
                                // RFC 5280, 4.2.1.2
-                               out.SubjectKeyId = e.Value
+                               var keyid []byte
+                               _, err = asn1.Unmarshal(&keyid, e.Value)
+                               if err != nil {
+                                       return nil, err
+                               }
+                               out.SubjectKeyId = keyid
                                continue
                        }
                }