crypto/x509: the ParseRevocationList() doesn't seem to populate the AuthorityKeyId correctly #57461
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
Use x509.ParseRevocationList to parse a CRL file; the parse result of the CRL file using openssl is following
What did you expect to see?
the RevocationList.AuthorityKeyId == DA:E0:15:3C:4B:5D:BB:04:3E:D7:AE:75:DF:39:5A:D1:F6:B6:9A:CD
What did you see instead?
the RevocationList.AuthorityKeyId == 30168014DAE0153C4B5DBB043ED7AE75DF395AD1F6B69ACD
There are additional 4 bytes 30168014, I am no expert of ASN1 encoding, but I guess these 4 bytes are some sort of ASN1 encoding header/overhead.
after reading the parser.go, I found the ParseRevocationList() has following code to populate AKID
which is different from processExtensions() used by parseCertificate()
The text was updated successfully, but these errors were encountered: