Commit be7544be authored by Russ Cox

crypto/x509: handle CRLDistributionPoints without FullNames

Fixes #12910.

Change-Id: If446e5dce236483bbb898cc5959baf8371f05142
Reviewed-on: https://go-review.googlesource.com/17550
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
parent 70cee781
...@@ -1048,7 +1048,7 @@ func parseCertificate(in *certificate) (*Certificate, error) { ...@@ -1048,7 +1048,7 @@ func parseCertificate(in *certificate) (*Certificate, error) {
} }
case 31: case 31:
// RFC 5280, 4.2.1.14 // RFC 5280, 4.2.1.13
// CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint // CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
// //
...@@ -1069,6 +1069,11 @@ func parseCertificate(in *certificate) (*Certificate, error) { ...@@ -1069,6 +1069,11 @@ func parseCertificate(in *certificate) (*Certificate, error) {
} }
for _, dp := range cdp { for _, dp := range cdp {
// Per RFC 5280, 4.2.1.13, one of distributionPoint or cRLIssuer may be empty.
if len(dp.DistributionPoint.FullName.Bytes) == 0 {
continue
}
var n asn1.RawValue var n asn1.RawValue
if _, err := asn1.Unmarshal(dp.DistributionPoint.FullName.Bytes, &n); err != nil { if _, err := asn1.Unmarshal(dp.DistributionPoint.FullName.Bytes, &n); err != nil {
return nil, err return nil, err
......
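Review bot: The comment above the new guard `if len(dp.DistributionPoint.FullName.Bytes) == 0` says why the field can be absent but not what the `continue` means for a caller: a distribution point that carries only nameRelativeToCRLIssuer or cRLIssuer is dropped silently, so the parsed certificate can report fewer CRL locations than the extension lists, or none at all. Code that uses the parsed list to decide whether revocation can be checked should not read an empty result as "the certificate names no CRL distribution points". I would extend the comment to `// Skip points with no fullName (nameRelativeToCRLIssuer or cRLIssuer only, RFC 5280, 4.2.1.13); they are omitted from the parsed result, not rejected.` parseCertificate begins and ends outside the visible hunks, so where the collected names are stored is not shown here.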