From: Adam Langley <agl@golang.org>
Date: Tue, 3 Aug 2010 16:26:48 +0000 (-0400)
Subject: crypto/x509: unwrap Subject Key Identifier
X-Git-Tag: weekly.2010-08-04~22
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=7748a7f159f43a7098dfdb170d26b152d8d5ba77;p=gostls13.git

crypto/x509: unwrap Subject Key Identifier

RFC 5280, 4.2.1.2 says:
  SubjectKeyIdentifier ::= KeyIdentifier
  KeyIdentifier ::= OCTET STRING

Previously, we were failing to unwrap the second level of OCTET STRING
encoding.

Fixes #993.

R=rsc
CC=golang-dev
https://golang.org/cl/1917044
---

diff --git a/src/pkg/crypto/x509/x509.go b/src/pkg/crypto/x509/x509.go
index 728116850f..e4a05d3ef0 100644
--- a/src/pkg/crypto/x509/x509.go
+++ b/src/pkg/crypto/x509/x509.go
@@ -610,7 +610,12 @@ func parseCertificate(in *certificate) (*Certificate, os.Error) {
 
 			case 14:
 				// RFC 5280, 4.2.1.2
-				out.SubjectKeyId = e.Value
+				var keyid []byte
+				_, err = asn1.Unmarshal(&keyid, e.Value)
+				if err != nil {
+					return nil, err
+				}
+				out.SubjectKeyId = keyid
 				continue
 			}
 		}