You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
RFC5280 4.2.1.6 requires: "If the subject field contains an empty sequence, then the issuing CA MUST include a subjectAltName extension that is marked as critical."
x509.CreateCertificate fails to mark subjectAltName as critical in this case.
Certificate generated with empty Subject and SubjectAltName marked critical, test program ran to completion.
What did you see instead?
Certificate generated with empty Subject and SubjectAltName NOT marked critical, test program panics.
The text was updated successfully, but these errors were encountered:
odeke-em
changed the title
x509.CreateCertificate should mark SubjectAltName as critical iff Subject is empty
crypto/x509: CreateCertificate should mark SubjectAltName as critical iff Subject is empty
Oct 13, 2017
What version of Go are you using (
go version
)?go version go1.9.1 linux/amd64
Does this issue reproduce with the latest release?
Yes.
What operating system and processor architecture are you using (
go env
)?GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/rjk/go"
GORACE=""
GOROOT="/usr/local/go-1.9.1"
GOTOOLDIR="/usr/local/go-1.9.1/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build715387515=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
What did you do?
RFC5280 4.2.1.6 requires: "If the subject field contains an empty sequence, then the issuing CA MUST include a subjectAltName extension that is marked as critical."
x509.CreateCertificate fails to mark subjectAltName as critical in this case.
https://play.golang.org/p/8BeKYea_77 exercises the bug.
What did you expect to see?
Certificate generated with empty Subject and SubjectAltName marked critical, test program ran to completion.
What did you see instead?
Certificate generated with empty Subject and SubjectAltName NOT marked critical, test program panics.
The text was updated successfully, but these errors were encountered: