crypto/x509: accept CRLs without an expiry.
authorAdam Langley <agl@golang.org>
Mon, 29 Sep 2014 19:26:51 +0000 (12:26 -0700)
committerAdam Langley <agl@golang.org>
Mon, 29 Sep 2014 19:26:51 +0000 (12:26 -0700)
RFC5280 says that the nextUpdate field is optional.

Fixes #8085.

R=bradfitz
CC=golang-codereviews
https://golang.org/cl/149770044

src/crypto/x509/pkix/pkix.go
src/crypto/x509/x509_test.go

index 58c1e54d1004cc5b6a1ee40d1e2c1c45cb76d93c..8768b785908a0a4f93c1a5f0b79b6ff53a2dd616 100644 (file)
@@ -164,7 +164,7 @@ type TBSCertificateList struct {
        Signature           AlgorithmIdentifier
        Issuer              RDNSequence
        ThisUpdate          time.Time
-       NextUpdate          time.Time
+       NextUpdate          time.Time            `asn1:"optional"`
        RevokedCertificates []RevokedCertificate `asn1:"optional"`
        Extensions          []Extension          `asn1:"tag:0,optional,explicit"`
 }
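Review bot: With the `asn1:"optional"` tag, `NextUpdate` in TBSCertificateList silently becomes the zero `time.Time` when a CRL omits nextUpdate, and nothing on the field tells a caller that. Any freshness check that compares the current time against `NextUpdate` will treat such a CRL as long expired (pkix's `CertificateList.HasExpired` appears to make that comparison, but it is outside this hunk). That is the conservative outcome, yet it cannot be told apart from a genuinely stale list. I would add a field comment such as `// NextUpdate is optional (RFC 5280); the zero value means the CRL did not carry one.` so that callers test `NextUpdate.IsZero()` and apply their own staleness policy. The struct's first fields lie outside the hunk.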
index 56f7a98322dad11172b0275ef86b185baee4e59b..abe86216f9c8b787a4e038594e33a9b6609e3487 100644 (file)
@@ -707,6 +707,17 @@ func TestParseDERCRL(t *testing.T) {
        // Can't check the signature here without a package cycle.
 }
 
+func TestCRLWithoutExpiry(t *testing.T) {
+       derBytes := fromBase64("MIHYMIGZMAkGByqGSM44BAMwEjEQMA4GA1UEAxMHQ2FybERTUxcNOTkwODI3MDcwMDAwWjBpMBMCAgDIFw05OTA4MjIwNzAwMDBaMBMCAgDJFw05OTA4MjIwNzAwMDBaMBMCAgDTFw05OTA4MjIwNzAwMDBaMBMCAgDSFw05OTA4MjIwNzAwMDBaMBMCAgDUFw05OTA4MjQwNzAwMDBaMAkGByqGSM44BAMDLwAwLAIUfmVSdjP+NHMX0feW+aDU2G1cfT0CFAJ6W7fVWxjBz4fvftok8yqDnDWh")
+       certList, err := ParseDERCRL(derBytes)
+       if err != nil {
+               t.Fatal(err)
+       }
+       if !certList.TBSCertList.NextUpdate.IsZero() {
+               t.Errorf("NextUpdate is not the zero value")
+       }
+}
+
 func TestParsePEMCRL(t *testing.T) {
        pemBytes := fromBase64(pemCRLBase64)
        certList, err := ParseCRL(pemBytes)
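Review bot: TestCRLWithoutExpiry asserts only that `NextUpdate` is zero, so it would still pass if skipping the optional field left the neighbouring fields mis-decoded. Checking that `certList.TBSCertList.ThisUpdate.IsZero()` is false and that `len(certList.TBSCertList.RevokedCertificates)` is non-zero would pin that the rest of the list was parsed as intended. The failure message could also report the value, `t.Errorf("NextUpdate = %v, want zero value", certList.TBSCertList.NextUpdate)`. The TestParsePEMCRL lines at the end are context only, and that function continues outside the hunk.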