qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-21 14:24:44 -07:00
Code Releases Activity

crypto/x509: ignore non-critical email constraints

Browse Source 
Previously we tried to parse email constraints as the maximum base
distance (which is unused and must be omitted according to RFC 5280)
because they share the same tag number. Rather than complicate the
code further, this CL just ignores the unused values.

R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/6552044
This commit is contained in:
Adam Langley 2012-09-20 12:30:56 -04:00
parent 036640fab7
commit be11889ab1
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/pkg/crypto/x509/x509.go
View File

@ -613,8 +613,6 @@ type nameConstraints struct {
type generalSubtree struct {
Name string `asn1:"tag:2,optional,ia5"`
Min int `asn1:"optional,tag:0"`
Max int `asn1:"optional,tag:1"`
}
func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{}, error) {
@ -831,7 +829,7 @@ func parseCertificate(in *certificate) (*Certificate, error) {
}
for _, subtree := range constraints.Permitted {
if subtree.Min > 0 || subtree.Max > 0 || len(subtree.Name) == 0 {
if len(subtree.Name) == 0 {
if e.Critical {
return out, UnhandledCriticalExtension{}
}