From 083e04c3d963832116deb0d11e1fab5d7d57132a Mon Sep 17 00:00:00 2001 From: Paul van Brouwershaven Date: Mon, 5 Jan 2015 11:27:40 +0000 Subject: [PATCH] crypto/x509: Correction of incrorrect default version number in TBSCertificateList and Certificate.CreateCRL RFC5280 states: "This optional field describes the version of the encoded CRL. When extensions are used, as required by this profile, this field MUST be present and MUST specify version 2 (the integer value is 1)." This CL has been discussed at: http://golang.org/cl/172560043 Change-Id: I8a72d7593d5ca6714abe9abd6a37437c3b69ab0f Reviewed-on: https://go-review.googlesource.com/2259 Reviewed-by: Adam Langley --- src/crypto/x509/pkix/pkix.go | 2 +- src/crypto/x509/x509.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/crypto/x509/pkix/pkix.go b/src/crypto/x509/pkix/pkix.go index 8768b78590..0589264b54 100644 --- a/src/crypto/x509/pkix/pkix.go +++ b/src/crypto/x509/pkix/pkix.go @@ -160,7 +160,7 @@ func (certList *CertificateList) HasExpired(now time.Time) bool { // 5280, section 5.1. type TBSCertificateList struct { Raw asn1.RawContent - Version int `asn1:"optional,default:2"` + Version int `asn1:"optional,default:1"` Signature AlgorithmIdentifier Issuer RDNSequence ThisUpdate time.Time diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go index c267a29740..3fa5b3d757 100644 --- a/src/crypto/x509/x509.go +++ b/src/crypto/x509/x509.go @@ -1575,7 +1575,7 @@ func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts [ return nil, errors.New("x509: non-RSA private keys not supported") } tbsCertList := pkix.TBSCertificateList{ - Version: 2, + Version: 1, Signature: pkix.AlgorithmIdentifier{ Algorithm: oidSignatureSHA1WithRSA, }, -- 2.50.0