mirror
/
go
mirror of https://github.com/golang/go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

crypto/x509: handle CRLDistributionPoints without FullNames 

Fixes #12910.

Change-Id: If446e5dce236483bbb898cc5959baf8371f05142
Reviewed-on: https://go-review.googlesource.com/17550
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
This commit is contained in:
Russ Cox 2015-12-08 10:04:10 -05:00
parent 70cee781fc
commit be7544be23
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/crypto/x509/x509.go
View File

@ -1048,7 +1048,7 @@ func parseCertificate(in *certificate) (*Certificate, error) {
}
case 31:
// RFC 5280, 4.2.1.14
// RFC 5280, 4.2.1.13
// CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
//
@ -1069,6 +1069,11 @@ func parseCertificate(in *certificate) (*Certificate, error) {
}
for _, dp := range cdp {
// Per RFC 5280, 4.2.1.13, one of distributionPoint or cRLIssuer may be empty.
if len(dp.DistributionPoint.FullName.Bytes) == 0 {
continue
}
var n asn1.RawValue
if _, err := asn1.Unmarshal(dp.DistributionPoint.FullName.Bytes, &n); err != nil {
return nil, err