diff options
author | Russ Cox <rsc@golang.org> | 2015-12-08 10:04:10 -0500 |
---|---|---|
committer | Russ Cox <rsc@golang.org> | 2015-12-17 07:17:28 +0000 |
commit | be7544be237b279e45be73963e84ab59916b8ac2 (patch) | |
tree | 71bd33bfb29512fc60503990aecaebec7560e06d | |
parent | 70cee781fc16c743ec3aa0ab441f1cb0254d4a8a (diff) | |
download | go-be7544be237b279e45be73963e84ab59916b8ac2.tar.gz go-be7544be237b279e45be73963e84ab59916b8ac2.zip |
crypto/x509: handle CRLDistributionPoints without FullNames
Fixes #12910.
Change-Id: If446e5dce236483bbb898cc5959baf8371f05142
Reviewed-on: https://go-review.googlesource.com/17550
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
-rw-r--r-- | src/crypto/x509/x509.go | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go index 948565ce3e..d9288bb30e 100644 --- a/src/crypto/x509/x509.go +++ b/src/crypto/x509/x509.go @@ -1048,7 +1048,7 @@ func parseCertificate(in *certificate) (*Certificate, error) { } case 31: - // RFC 5280, 4.2.1.14 + // RFC 5280, 4.2.1.13 // CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint // @@ -1069,6 +1069,11 @@ func parseCertificate(in *certificate) (*Certificate, error) { } for _, dp := range cdp { + // Per RFC 5280, 4.2.1.13, one of distributionPoint or cRLIssuer may be empty. + if len(dp.DistributionPoint.FullName.Bytes) == 0 { + continue + } + var n asn1.RawValue if _, err := asn1.Unmarshal(dp.DistributionPoint.FullName.Bytes, &n); err != nil { return nil, err |