
crypto/x509: distributionPointName not compliant with RFC 5280 #16858

Closed
zhengping12 opened this issue Aug 24, 2016 · 1 comment

@zhengping12

Please answer these questions before submitting your issue. Thanks!

  1. What version of Go are you using (go version)?
    1.7
  2. What operating system and processor architecture are you using (go env)?
    GOARCH="amd64"
    GOBIN=""
    GOEXE=""
    GOHOSTARCH="amd64"
    GOHOSTOS="darwin"
    GOOS="darwin"
    GOPATH="/Users/Zhengping/Documents/nsrg"
    GORACE=""
    GOROOT="/usr/local/go"
    GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
    CC="clang"
    GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/c6/vwt_07cd62b102ynhmn2n7pm0000gn/T/go-build736045736=/tmp/go-build -gno-record-gcc-switches -fno-common"
    CXX="clang++"
    CGO_ENABLED="1"
  3. What did you do?
    The x509 distributionPointName struct in x509.go is defined as

```go
type distributionPointName struct {
	FullName     asn1.RawValue    `asn1:"optional,tag:0"`
	RelativeName pkix.RDNSequence `asn1:"optional,tag:1"`
}
```

But in RFC 5280, it is defined as

```
DistributionPointName ::= CHOICE {
     fullName                [0] GeneralNames,
     nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
```

Clearly DistributionPointName is a choice; FullName and RelativeName cannot be present at the same time. Please consider making the struct contain one asn1.RawValue element to fix this issue.

```go
type distributionPointName struct {
	Name asn1.RawValue
}
```
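The following is an added example (not code from the Go project or from the issue author) of the single-RawValue approach proposed above: the `[0]` wrapper around the CHOICE is captured as one `asn1.RawValue`, and a separate function dispatches on the alternative's context-specific tag. It rejects an encoding that carries both `fullName` and `nameRelativeToCRLIssuer`, which the two-OPTIONAL-field struct quietly accepts. The type and function names, the `der` helper, and the sample extension values (including the URI `http://crl.example.test/ca.crl`) are assumptions constructed for this example, not taken from any real certificate.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
)

// distributionPoint mirrors RFC 5280 DistributionPoint. As proposed in the issue,
// the CHOICE-typed distributionPoint member is captured as one asn1.RawValue
// (the contents of its [0] wrapper) instead of a struct with two OPTIONAL fields.
type distributionPoint struct {
	DistributionPoint asn1.RawValue  `asn1:"optional,tag:0"`
	Reasons           asn1.BitString `asn1:"optional,tag:1"`
	CRLIssuer         asn1.RawValue  `asn1:"optional,tag:2"`
}

// DistributionPointName holds the decoded CHOICE; exactly one alternative is set.
type DistributionPointName struct {
	FullNameURIs []string                          // fullName [0]: uniformResourceIdentifier members only
	RelativeName pkix.RelativeDistinguishedNameSET // nameRelativeToCRLIssuer [1]
}

// parseDistributionPointName decodes the CHOICE from the bytes inside the [0]
// wrapper and insists on exactly one alternative, as RFC 5280 requires.
func parseDistributionPointName(choice []byte) (DistributionPointName, error) {
	var out DistributionPointName
	var alt asn1.RawValue
	rest, err := asn1.Unmarshal(choice, &alt)
	if err != nil {
		return out, err
	}
	if len(rest) != 0 {
		return out, errors.New("x509: DistributionPointName carries more than one CHOICE alternative")
	}
	if alt.Class != asn1.ClassContextSpecific || !alt.IsCompound {
		return out, errors.New("x509: DistributionPointName alternative has an unexpected tag")
	}
	switch alt.Tag {
	case 0: // fullName [0] IMPLICIT GeneralNames (SEQUENCE OF GeneralName)
		for names := alt.Bytes; len(names) > 0; {
			var gn asn1.RawValue
			if names, err = asn1.Unmarshal(names, &gn); err != nil {
				return out, err
			}
			// uniformResourceIdentifier is [6] IA5String; other GeneralName forms are skipped here.
			if gn.Class == asn1.ClassContextSpecific && gn.Tag == 6 && !gn.IsCompound {
				out.FullNameURIs = append(out.FullNameURIs, string(gn.Bytes))
			}
		}
	case 1: // nameRelativeToCRLIssuer [1] IMPLICIT RelativeDistinguishedName (SET OF AttributeTypeAndValue)
		// The implicit tag replaced the universal SET tag; restore it so encoding/asn1 decodes the set.
		set, err := asn1.Marshal(asn1.RawValue{Class: asn1.ClassUniversal, Tag: asn1.TagSet, IsCompound: true, Bytes: alt.Bytes})
		if err != nil {
			return out, err
		}
		if _, err := asn1.Unmarshal(set, &out.RelativeName); err != nil {
			return out, err
		}
	default:
		return out, fmt.Errorf("x509: unknown DistributionPointName alternative [%d]", alt.Tag)
	}
	return out, nil
}

// parseCRLDistributionPoints decodes CRLDistributionPoints ::= SEQUENCE OF DistributionPoint
// and returns the decoded name of every DistributionPoint that carries one.
func parseCRLDistributionPoints(ext []byte) ([]DistributionPointName, error) {
	var dps []distributionPoint
	rest, err := asn1.Unmarshal(ext, &dps)
	if err != nil {
		return nil, err
	}
	if len(rest) != 0 {
		return nil, errors.New("x509: trailing data after CRLDistributionPoints")
	}
	var names []DistributionPointName
	for _, dp := range dps {
		if len(dp.DistributionPoint.FullBytes) == 0 {
			continue // distributionPoint is OPTIONAL
		}
		name, err := parseDistributionPointName(dp.DistributionPoint.Bytes)
		if err != nil {
			return nil, err
		}
		names = append(names, name)
	}
	return names, nil
}

// der wraps contents in a DER tag and length; used only to construct the sample values.
func der(class, tag int, compound bool, contents []byte) []byte {
	b, err := asn1.Marshal(asn1.RawValue{Class: class, Tag: tag, IsCompound: compound, Bytes: contents})
	if err != nil {
		panic(err)
	}
	return b
}

// dpWith builds a constructed CRLDistributionPoints value with one DistributionPoint whose
// [0] EXPLICIT wrapper holds the given CHOICE alternative(s); passing two reproduces the defect.
func dpWith(alternatives ...[]byte) []byte {
	var choice []byte
	for _, a := range alternatives {
		choice = append(choice, a...)
	}
	dp := der(asn1.ClassUniversal, asn1.TagSequence, true, der(asn1.ClassContextSpecific, 0, true, choice))
	return der(asn1.ClassUniversal, asn1.TagSequence, true, dp)
}

// Constructed sample alternatives (hypothetical URI and CN, not from a real certificate).
var (
	sampleFullName = der(asn1.ClassContextSpecific, 0, true, // fullName [0] GeneralNames
		der(asn1.ClassContextSpecific, 6, false, []byte("http://crl.example.test/ca.crl")))
	sampleRelativeName = der(asn1.ClassContextSpecific, 1, true, // nameRelativeToCRLIssuer [1]
		der(asn1.ClassUniversal, asn1.TagSequence, true, append( // AttributeTypeAndValue
			der(asn1.ClassUniversal, asn1.TagOID, false, []byte{0x55, 0x04, 0x03}), // id-at-commonName
			der(asn1.ClassUniversal, asn1.TagPrintableString, false, []byte("CRL1"))...)))
)

func main() {
	for _, ext := range [][]byte{dpWith(sampleFullName), dpWith(sampleRelativeName), dpWith(sampleFullName, sampleRelativeName)} {
		names, err := parseCRLDistributionPoints(ext)
		fmt.Printf("names=%+v err=%v\n", names, err)
	}
}
```

The third input in `main` encodes both alternatives inside the `[0]` wrapper and is rejected with a "more than one CHOICE alternative" error, whereas a struct with two optional fields would decode it and leave the caller to guess which name applies.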

@bradfitz bradfitz changed the title x509 package distributionPointName not compliant with RFC 5280 crypto/x509: distributionPointName not compliant with RFC 5280 Aug 24, 2016
@bradfitz bradfitz added this to the Go1.8Maybe milestone Aug 24, 2016
@agl
Contributor

agl commented Aug 24, 2016

crypto/x509 attempts to cover the subset of X.509 that is used in the web PKI. In practice, the CRLDP is just a URL and the RFC is hugely over-engineered. []string is perhaps even too general here and it should just have been a string or a url.URL.

When more detailed dissection of X.509 structures is needed it's more appropriate to handle that in the package where it's needed. (For which I apologise for encoding/asn1, which was a mistaken design. You might well want to build a simple, imperative DER parser.)
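As an added example of the "simple, imperative DER parser" suggested above (not code from the Go project or from the commenter), the block below reads DER tag/length/value triples by hand, enforcing the DER length rules that a lenient reader can miss (definite length only, shortest length encoding), and walks the cRLDistributionPoints structure to collect URIs, refusing a DistributionPointName that encodes more than one CHOICE alternative. The names `element`, `readTLV` and `crlDistributionPointURIs`, the single-byte-tag assumption, and the hand-encoded sample (with the hypothetical URI `http://crl.example.test/ca.crl`) are all constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
)

// element is one decoded DER TLV.
type element struct {
	class, tag  int
	constructed bool
	value       []byte
}

// readTLV reads one element from the front of b and returns it with the remaining bytes.
// It enforces DER's length rules: definite form only and the shortest possible encoding.
// Single-byte tags are assumed, which covers every tag in the CRL distribution points structure.
func readTLV(b []byte) (element, []byte, error) {
	if len(b) < 2 {
		return element{}, nil, errors.New("der: truncated element")
	}
	e := element{class: int(b[0] >> 6), tag: int(b[0] & 0x1f), constructed: b[0]&0x20 != 0}
	if e.tag == 0x1f {
		return element{}, nil, errors.New("der: high-tag-number form not supported")
	}
	n, off := int(b[1]), 2
	switch {
	case n == 0x80:
		return element{}, nil, errors.New("der: indefinite length is not DER")
	case n > 0x80:
		k := n & 0x7f // number of length bytes that follow
		if k > 4 || len(b) < off+k {
			return element{}, nil, errors.New("der: bad long-form length")
		}
		n = 0
		for i := 0; i < k; i++ {
			n = n<<8 | int(b[off+i])
		}
		off += k
		// A value below 128 belongs in short form, and a leading zero length byte is never minimal.
		if n < 0x80 || (k > 1 && n < 1<<(8*(k-1))) {
			return element{}, nil, errors.New("der: non-minimal length encoding")
		}
	}
	if len(b)-off < n {
		return element{}, nil, errors.New("der: length exceeds input")
	}
	return element{e.class, e.tag, e.constructed, b[off : off+n]}, b[off+n:], nil
}

// crlDistributionPointURIs walks CRLDistributionPoints ::= SEQUENCE OF DistributionPoint and
// collects the uniformResourceIdentifier entries of every fullName. Non-DER input and a
// DistributionPointName carrying more than one CHOICE alternative are rejected.
func crlDistributionPointURIs(ext []byte) ([]string, error) {
	outer, rest, err := readTLV(ext)
	if err != nil {
		return nil, err
	}
	if len(rest) != 0 || outer.class != 0 || outer.tag != 16 || !outer.constructed {
		return nil, errors.New("x509: CRLDistributionPoints is not a single SEQUENCE")
	}
	var uris []string
	var dp, field, alt, gn element
	for dps := outer.value; len(dps) > 0; {
		if dp, dps, err = readTLV(dps); err != nil {
			return nil, err
		}
		// RFC 5280 requires distributionPoint or cRLIssuer, so an empty SEQUENCE is invalid.
		if dp.class != 0 || dp.tag != 16 || len(dp.value) == 0 {
			return nil, errors.New("x509: DistributionPoint is not a non-empty SEQUENCE")
		}
		// distributionPoint [0] can only be the first member; otherwise only reasons/cRLIssuer are present.
		if field, _, err = readTLV(dp.value); err != nil {
			return nil, err
		}
		if field.class != 2 || field.tag != 0 {
			continue
		}
		var after []byte
		if alt, after, err = readTLV(field.value); err != nil {
			return nil, err
		}
		if len(after) != 0 {
			return nil, errors.New("x509: DistributionPointName carries more than one CHOICE alternative")
		}
		if alt.class != 2 || !alt.constructed {
			return nil, fmt.Errorf("x509: unexpected DistributionPointName alternative class %d tag %d", alt.class, alt.tag)
		}
		if alt.tag != 0 {
			continue // nameRelativeToCRLIssuer [1]: nothing to collect
		}
		for gns := alt.value; len(gns) > 0; { // fullName [0] GeneralNames
			if gn, gns, err = readTLV(gns); err != nil {
				return nil, err
			}
			if gn.class == 2 && gn.tag == 6 && !gn.constructed { // uniformResourceIdentifier [6] IA5String
				uris = append(uris, string(gn.value))
			}
		}
	}
	return uris, nil
}

// sampleCRLDP is a hand-encoded, constructed extension value: SEQUENCE { SEQUENCE { [0] { [0] { [6] uri } } } }.
var sampleCRLDP = append([]byte{0x30, 0x26, 0x30, 0x24, 0xa0, 0x22, 0xa0, 0x20, 0x86, 0x1e},
	[]byte("http://crl.example.test/ca.crl")...)

func main() {
	uris, err := crlDistributionPointURIs(sampleCRLDP)
	fmt.Println(uris, err)
}
```

Because each `readTLV` call rejects indefinite and non-minimal lengths, two byte strings that a lenient BER reader would treat as the same value cannot both pass, which is the property that matters when the extension bytes feed a hash or a comparison.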

@agl agl closed this as completed Aug 24, 2016
@golang golang locked and limited conversation to collaborators Aug 24, 2017
@rsc rsc unassigned agl Jun 23, 2022