From be11889ab1584a5c6dfd1422ba163d893753b1ad Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@golang.org>
Date: Thu, 20 Sep 2012 12:30:56 -0400
Subject: [PATCH] crypto/x509: ignore non-critical email constraints

Previously we tried to parse email constraints as the maximum base
distance (which is unused and must be omitted according to RFC 5280)
because they share the same tag number. Rather than complicate the
code further, this CL just ignores the unused values.

R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/6552044
---
 src/pkg/crypto/x509/x509.go | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/pkg/crypto/x509/x509.go b/src/pkg/crypto/x509/x509.go
index b9e4dc0f6a..edfc7f30e7 100644
--- a/src/pkg/crypto/x509/x509.go
+++ b/src/pkg/crypto/x509/x509.go
@@ -613,8 +613,6 @@ type nameConstraints struct {
 
 type generalSubtree struct {
 	Name string `asn1:"tag:2,optional,ia5"`
-	Min  int    `asn1:"optional,tag:0"`
-	Max  int    `asn1:"optional,tag:1"`
 }
 
 func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{}, error) {
@@ -831,7 +829,7 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 				}
 
 				for _, subtree := range constraints.Permitted {
-					if subtree.Min > 0 || subtree.Max > 0 || len(subtree.Name) == 0 {
+					if len(subtree.Name) == 0 {
 						if e.Critical {
 							return out, UnhandledCriticalExtension{}
 						}