crypto/x509: improve RevocationList documentation

Adds documentation for a handful of RevocationList fields.

Updates #50674

Change-Id: I26b838553d870b631deaf8b9a5b4d0b251fdef20
Reviewed-on: https://go-review.googlesource.com/c/go/+/414635
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>

diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index e17df0dd94328070dfd2fb8a81f047517a781892..87eb1f7720b69dca653e8504914389e8f0f2342d 100644 (file)
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -2097,11 +2097,19 @@ func (c *CertificateRequest) CheckSignature() error {
 // RevocationList contains the fields used to create an X.509 v2 Certificate
 // Revocation list with CreateRevocationList.
 type RevocationList struct {
-       Raw                  []byte
+       // Raw contains the complete ASN.1 DER content of the CRL (tbsCertList,
+       // signatureAlgorithm, and signatureValue.)
+       Raw []byte
+       // RawTBSRevocationList contains just the tbsCertList portion of the ASN.1
+       // DER.
        RawTBSRevocationList []byte
-       RawIssuer            []byte
+       // RawIssuer contains the DER encoded Issuer.
+       RawIssuer []byte
 
-       Issuer         pkix.Name
+       // Issuer contains the DN of the issuing certificate.
+       Issuer pkix.Name
+       // AuthorityKeyId is used to identify the public key associated with the
+       // issuing certificate.
        AuthorityKeyId []byte
 
        Signature []byte