From 7748a7f159f43a7098dfdb170d26b152d8d5ba77 Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@golang.org>
Date: Tue, 3 Aug 2010 12:26:48 -0400
Subject: [PATCH] crypto/x509: unwrap Subject Key Identifier

RFC 5280, 4.2.1.2 says:
  SubjectKeyIdentifier ::= KeyIdentifier
  KeyIdentifier ::= OCTET STRING

Previously, we were failing to unwrap the second level of OCTET STRING
encoding.

Fixes #993.

R=rsc
CC=golang-dev
https://golang.org/cl/1917044
---
 src/pkg/crypto/x509/x509.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/pkg/crypto/x509/x509.go b/src/pkg/crypto/x509/x509.go
index 728116850f..e4a05d3ef0 100644
--- a/src/pkg/crypto/x509/x509.go
+++ b/src/pkg/crypto/x509/x509.go
@@ -610,7 +610,12 @@ func parseCertificate(in *certificate) (*Certificate, os.Error) {
 
 			case 14:
 				// RFC 5280, 4.2.1.2
-				out.SubjectKeyId = e.Value
+				var keyid []byte
+				_, err = asn1.Unmarshal(&keyid, e.Value)
+				if err != nil {
+					return nil, err
+				}
+				out.SubjectKeyId = keyid
 				continue
 			}
 		}
-- 
2.50.0