crypto/x509: Parse CSR not containing Extensions Request Attribute #56140
Labels
FrozenDueToAge
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
Attempt to parse a CSR PEM that does not contain an Extensions Request Attribute ( 1.2.840.113549.1.9.14 ).
The PKCS10 RFC doesn't specifically state that a PKCS10 must have, or may not have an Extension Request Attribute.
However the x509 RFC does state that:
If present, this field is a SEQUENCE of one or more certificate extensions.
I would expect that I must only include an Extension Request Attribute, when it contains one or more extensions.
Go Play demo:
https://go.dev/play/p/6YJ2CxnKtIw
What did you expect to see?
An x509.CertificateRequest struct with an empty array of pkix.Extension structs.
What did you see instead?
The error:
asn1: syntax error: sequence truncated
The text was updated successfully, but these errors were encountered: