crypto/x509: ParseRevocationList does not populate Number and AuthorityKeyId fields #53726
Comments
Change https://go.dev/cl/416354 mentions this issue:
@rolandshoemaker this might be worth a freeze exception since it's a new API.
Yup agreed, cc @golang/release this adds expected functionality in a new API that was missing and the patch is minimal.
Note that fixing a bug or problem discovered in a new API thanks to pre-release testing is generally in scope of the freeze (within balance), so a freeze exception might not be needed if you think this fix is okay to accept at this stage.
Marking as tentative release-blocker since it's a change to a new API.
I think we should aim to make it clear whose input an issue in a NeedsDecision state is waiting on. I think at this point this doesn't warrant a freeze exception (it's within scope) and so the crypto/x509 owners should (i.e., we should remove "[freeze exception]" suffix). Thoughts?
Works for me; done.
The x509.RevocationList type has two fields which correspond to extensions, rather than native fields, of the underlying ASN.1 CRL: the .Number field corresponds to the crlNumber extension, and the .AuthorityKeyId field corresponds to the authorityKeyIdentifier extension. The x509.CreateRevocationList() function uses these fields to populate their respective extensions in the resulting CRL.

However, the x509.ParseRevocationList() function does not perform the reverse operation: the fields retain their zero-values even after parsing a CRL which contains the relevant extensions.

Add code which populates these fields when parsing their extensions. Add assertions to the existing tests to confirm that the values are populated appropriately.

Fixes golang#53726

Change-Id: Ie5b71081e53034e0b5b9ff3c122065c62f15cf23
Reviewed-on: https://go-review.googlesource.com/c/go/+/416354
Run-TryBot: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
What version of Go are you using (go version)?
go1.19rc1

Does this issue reproduce with the latest release?
Yes

What did you do?
Use x509.ParseRevocationList() to parse a CRL which contains the crlNumber and authorityKeyIdentifier extensions (such as one produced using x509.CreateRevocationList()). See https://go.dev/play/p/6gSi8pmdzBd?v=gotip for a demonstration.

What did you expect to see?
The RevocationList.Number and RevocationList.AuthorityKeyId fields should be populated from the values in their corresponding extensions.

What did you see instead?
The .Number and .AuthorityKeyId fields retain their zero-values.
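
A round-trip check for the behaviour reported above, as an added example (not the playground code linked in the issue and not the project's own test). The function name roundTripCRL, the throwaway key, and the issuer values are assumptions constructed for illustration. Per the report, both results are false on go1.19rc1; with the change from CL 416354 both should be true.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// roundTripCRL signs a CRL with a throwaway key, parses it back, and reports
// whether the two extension-backed fields survived the round trip.
// All issuer values are constructed for this example.
func roundTripCRL(number int64) (numberOK, akiOK bool, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	issuer := &x509.Certificate{
		Subject:      pkix.Name{CommonName: "constructed test CA"},
		KeyUsage:     x509.KeyUsageCRLSign,           // required by CreateRevocationList
		SubjectKeyId: []byte{0xde, 0xad, 0xbe, 0xef}, // becomes authorityKeyIdentifier
	}
	now := time.Now()
	tmpl := &x509.RevocationList{
		Number:     big.NewInt(number), // becomes crlNumber
		ThisUpdate: now,
		NextUpdate: now.Add(24 * time.Hour),
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, issuer, key)
	if err != nil {
		return false, false, err
	}
	parsed, err := x509.ParseRevocationList(der)
	if err != nil {
		return false, false, err
	}
	numberOK = parsed.Number != nil && parsed.Number.Cmp(tmpl.Number) == 0
	akiOK = bytes.Equal(parsed.AuthorityKeyId, issuer.SubjectKeyId)
	return numberOK, akiOK, nil
}

func main() {
	n, a, err := roundTripCRL(42)
	fmt.Println("Number populated:", n, "AuthorityKeyId populated:", a, "err:", err)
}
```

Code that compares CRL numbers to reject stale or rolled-back CRLs should treat a nil Number after parsing as a failure rather than as zero.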