Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509/pkix: TBSCertificate default for Version should be 0 for v1 #13382

Closed
tvbuehler opened this issue Nov 24, 2015 · 2 comments
Closed

Comments

@tvbuehler
Copy link

The default version is v1 which has numeric value 0, not 1 (which is v2); from RFC 5280:

version [0] Version DEFAULT v1,
[...]
Version ::= INTEGER { v1(0), v2(1), v3(2) }

I would have sent a pull request, but I'm not going through your contribute pain for a single character change.

@rsc
Copy link
Contributor

rsc commented Dec 28, 2015

@agl, I think this is the suggestion (but I really can't tell).

diff --git a/src/crypto/x509/pkix/pkix.go b/src/crypto/x509/pkix/pkix.go
index 1b3e3c0..ae29733 100644
--- a/src/crypto/x509/pkix/pkix.go
+++ b/src/crypto/x509/pkix/pkix.go
@@ -177,7 +177,7 @@ func (certList *CertificateList) HasExpired(now time.Time) bool {
 // 5280, section 5.1.
 type TBSCertificateList struct {
    Raw                 asn1.RawContent
-   Version             int `asn1:"optional,default:1"`
+   Version             int `asn1:"optional,default:0"` // 0 means v1
    Signature           AlgorithmIdentifier
    Issuer              RDNSequence
    ThisUpdate          time.Time

@rsc rsc added this to the Go1.6Maybe milestone Dec 28, 2015
@rsc rsc changed the title x509/pkix TBSCertificate version default is broken crypto/x509/pkix: TBSCertificate default for Version should be 0 for v1 Dec 28, 2015
@rsc
Copy link
Contributor

rsc commented Jan 6, 2016

Can wait for Go 1.7.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

4 participants