mirror of
https://github.com/golang/go
synced 2024-10-14 11:53:56 +00:00
crypto/x509: accept CRLs without an expiry.
RFC5280 says that the nextUpdate field is optional. Fixes #8085. R=bradfitz CC=golang-codereviews https://golang.org/cl/149770044
This commit is contained in:
parent
dca460574f
commit
dfddd802ac
|
@ -164,7 +164,7 @@ type TBSCertificateList struct {
|
|||
Signature AlgorithmIdentifier
|
||||
Issuer RDNSequence
|
||||
ThisUpdate time.Time
|
||||
NextUpdate time.Time
|
||||
NextUpdate time.Time `asn1:"optional"`
|
||||
RevokedCertificates []RevokedCertificate `asn1:"optional"`
|
||||
Extensions []Extension `asn1:"tag:0,optional,explicit"`
|
||||
}
|
||||
|
|
|
@ -707,6 +707,17 @@ func TestParseDERCRL(t *testing.T) {
|
|||
// Can't check the signature here without a package cycle.
|
||||
}
|
||||
|
||||
func TestCRLWithoutExpiry(t *testing.T) {
|
||||
derBytes := fromBase64("MIHYMIGZMAkGByqGSM44BAMwEjEQMA4GA1UEAxMHQ2FybERTUxcNOTkwODI3MDcwMDAwWjBpMBMCAgDIFw05OTA4MjIwNzAwMDBaMBMCAgDJFw05OTA4MjIwNzAwMDBaMBMCAgDTFw05OTA4MjIwNzAwMDBaMBMCAgDSFw05OTA4MjIwNzAwMDBaMBMCAgDUFw05OTA4MjQwNzAwMDBaMAkGByqGSM44BAMDLwAwLAIUfmVSdjP+NHMX0feW+aDU2G1cfT0CFAJ6W7fVWxjBz4fvftok8yqDnDWh")
|
||||
certList, err := ParseDERCRL(derBytes)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if !certList.TBSCertList.NextUpdate.IsZero() {
|
||||
t.Errorf("NextUpdate is not the zero value")
|
||||
}
|
||||
}
|
||||
|
||||
func TestParsePEMCRL(t *testing.T) {
|
||||
pemBytes := fromBase64(pemCRLBase64)
|
||||
certList, err := ParseCRL(pemBytes)
|
||||
|
|
Loading…
Reference in a new issue