crypto/x509: Go should be lenient in parsing CRL Distribution Points that do not conform to RFC 5280 4.2.1.13 #23403
Labels
FrozenDueToAge
NeedsDecision
Feedback is required from experts, contributors, and/or the community before a change can be made.
Milestone
At minimum, the following 30 intermediate CA certificates do not encode their CRLs as per RFC 5280 4.2.1.13. Rather than being a sequence of DistributionPoints they are simply a sequence of a single sequence that is a flat list of URIs.
The effect of this is that any certificate that is encoded this way will only ever return a slice with, at most, one CRL URI in it.
0FD99AAE1FFCD5D9F0AD76EDDDCBEF6B884CC85C16BFCFA4B5246155D6597ED6
ASN.1 Decoding
crt.sh
117869A76AD9AD92A515F85890437274634394502CB4E226665FCF1FB75A4575
ASN.1 Decoding
crt.sh
18A43C51D08174C3A6D85F1C1318BD2909753E75D91CF6599F73347B00702890
ASN.1 Decoding
crt.sh
207CECE038B9826A120A919D4B41BCA8F37F2E994621BF5A993A04087D556DC6
ASN.1 Decoding
crt.sh
262A9569D60FB8DE5EA518B8A716226FA74EB00DCCEBECDFAB87B7704AF52B1A
ASN.1 Decoding
crt.sh
356A5F4D994E9EFA7CAEFC491768911D65EC25977465B610E2F29AA4472631C3
ASN.1 Decoding
crt.sh
38E9473772F633C9DCB743BE271DB9248810613A9F8B287E2DDF0DB3597C8CDB
ASN.1 Decoding
crt.sh
44C50AC80EDBE9E552E3C96CE5BD11C837C70F56A33ACABCF18D8D7A9B350E07
ASN.1 Decoding
crt.sh
4A40D4BE7FB0B05F9BDCA60BCE383FB592C49206DBC5C784F819CD74F2A07BE3
ASN.1 Decoding
crt.sh
4CB5CB705D4952497B4ED7C46A8564EA5C9137279F38C86B7BCA8E8883868B09
ASN.1 Decoding
crt.sh
56E0349E090CD573889F96DFA83758BEE7F9109D41B3CAE46CCB9D4BBD78B6E2
ASN.1 Decoding
crt.sh
592C508E39D7665F844586C3B9E765AFD5D80BBE05F9289CB0DED5711AC9C10A
ASN.1 Decoding
crt.sh
601293CA20B09A03295D196256C6953FF9EBA811DB8E3CE140413C1BFFE9A869
ASN.1 Decoding
crt.sh
60636BE2F294EC078F4C726964B4DD502B1C82E099CF775631E883FEEE45F951
ASN.1 Decoding
crt.sh
7099A66117825FDABAE48CB19AFE3137D813A0B673FD591D229E261963D3D61B
ASN.1 Decoding
crt.sh
73F82955F931DC6802BD07C5D1DF9404113F3C224F7A5E72040BE442E41F32FC
ASN.1 Decoding
crt.sh
748639EE75623D6E15C48B7C317CB516513BDD1143A8F5E90FF1A665A3314676
ASN.1 Decoding
crt.sh
830FF205AE69485059C3FB2376A7F2F9EE1C2A61DE259DD09D0BB6AD69F88832
ASN.1 Decoding
crt.sh
8700D047E5071116F67551A4393998D629E66F02C7B52E618EF4F9496E734756
ASN.1 Decoding
crt.sh
8AAC53FBFC861137ECA7D5061B81031F8EF3AA007D4FD344834EA859386FB23D
ASN.1 Decoding
crt.sh
8FD16A179944D5D1D420AF09405EDA7ABF2A9C742883E8C2F89E0D90AFAF754B
ASN.1 Decoding
crt.sh
954B889223498AED51AA7A29B62EED24BE03CD481D182E03EB83BAE8DD7BD71B
ASN.1 Decoding
crt.sh
9858CEB7B72F296B9C8CEE355F92B4E0D18DECAAF2C3696E6244A2E203EF6345
ASN.1 Decoding
crt.sh
A4652ED243DACC3FEEE1F0ED7C91BDB19A9BC225E72A5C97FDA4F1F00125BAA3
ASN.1 Decoding
crt.sh
AFCA33DAC544389E3D230DB12AD8BA3EE7C1A9E4CCF0CAFFD7E16C2A2F35CEE5
ASN.1 Decoding
crt.sh
B01A8DC9426D48767157FFCB46BEFA193175BBC981B57D47BC6C7FF71B94A35C
ASN.1 Decoding
crt.sh
B95D483F73177034DCE1C51FFE1CB9972CAFFE4FA1E1AD7412D03D6BA5B04751
ASN.1 Decoding
crt.sh
DB0DA16032F1643A2496FDE742E2BBE81DACA58CD7612061420E154CE1BCE2BD
ASN.1 Decoding
crt.sh
E5C2A9DA1AB2CF46691DEBF2477A9E35143521FA4117CF8ABD153B9667DCBD86
ASN.1 Decoding
crt.sh
F038421F07F20D63A20D3691E5A178AB8459EBE570C1647B7690554EF23876AB
ASN.1 Decoding
crt.sh
The text was updated successfully, but these errors were encountered: