mirror of
https://github.com/golang/go
synced 2024-11-21 20:44:39 -07:00
crypto/x509: ignore non-critical email constraints
Previously we tried to parse email constraints as the maximum base distance (which is unused and must be omitted according to RFC 5280) because they share the same tag number. Rather than complicate the code further, this CL just ignores the unused values. R=golang-dev, bradfitz CC=golang-dev https://golang.org/cl/6552044
parent
036640fab7
commit
be11889ab1
@ -613,8 +613,6 @@ type nameConstraints struct {
|
||||
|
||||
type generalSubtree struct {
|
||||
Name string `asn1:"tag:2,optional,ia5"`
|
||||
Min int `asn1:"optional,tag:0"`
|
||||
Max int `asn1:"optional,tag:1"`
|
||||
}
|
||||
|
||||
func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{}, error) {
|
||||
@ -831,7 +829,7 @@ func parseCertificate(in *certificate) (*Certificate, error) {
|
||||
}
|
||||
|
||||
for _, subtree := range constraints.Permitted {
|
||||
if subtree.Min > 0 || subtree.Max > 0 || len(subtree.Name) == 0 {
|
||||
if len(subtree.Name) == 0 {
|
||||
if e.Critical {
|
||||
return out, UnhandledCriticalExtension{}
|
||||
}
|
||||
|
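Review bot: A critical name-constraints extension whose dNSName subtree carries a non-zero minimum or a maximum is no longer rejected at the new `if len(subtree.Name) == 0 {` check, because with `Min` and `Max` removed from `generalSubtree` those values are never parsed. RFC 5280 section 4.2.1.10 asks an application that meets such values in a critical extension to either process them or reject the certificate, so this loosens the check beyond the non-critical email case the title names (this assumes encoding/asn1 skips trailing SEQUENCE elements that have no matching struct field, which the page does not show). If dropping the check is intended, record the trade-off at the condition with a comment such as `// Name is empty for non-DNS bases such as rfc822Name; minimum/maximum are not parsed, so they are not checked here.` A regression test with one certificate carrying a non-critical email constraint and one carrying a critical one would pin both branches; none is visible on this page. parseCertificate starts and ends outside the hunk.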