crypto/x509: handle CRLDistributionPoints without FullNames

Fixes #12910. Change-Id: If446e5dce236483bbb898cc5959baf8371f05142 Reviewed-on: https://go-review.googlesource.com/17550 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
author: Russ Cox <rsc@golang.org> 2015-12-08 10:04:10 -0500
committer: Russ Cox <rsc@golang.org> 2015-12-17 07:17:28 +0000
commit: be7544be237b279e45be73963e84ab59916b8ac2 (patch)
tree: 71bd33bfb29512fc60503990aecaebec7560e06d
parent: 70cee781fc16c743ec3aa0ab441f1cb0254d4a8a (diff)
download: go-be7544be237b279e45be73963e84ab59916b8ac2.tar.gz
go-be7544be237b279e45be73963e84ab59916b8ac2.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index 948565ce3e..d9288bb30e 100644
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -1048,7 +1048,7 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 				}
 
 			case 31:
-				// RFC 5280, 4.2.1.14
+				// RFC 5280, 4.2.1.13
 
 				// CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
 				//
@@ -1069,6 +1069,11 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 				}
 
 				for _, dp := range cdp {
+					// Per RFC 5280, 4.2.1.13, one of distributionPoint or cRLIssuer may be empty.
+					if len(dp.DistributionPoint.FullName.Bytes) == 0 {
+						continue
+					}
+
 					var n asn1.RawValue
 					if _, err := asn1.Unmarshal(dp.DistributionPoint.FullName.Bytes, &n); err != nil {
 						return nil, err
author	Russ Cox <rsc@golang.org>	2015-12-08 10:04:10 -0500
committer	Russ Cox <rsc@golang.org>	2015-12-17 07:17:28 +0000
commit	be7544be237b279e45be73963e84ab59916b8ac2 (patch)
tree	71bd33bfb29512fc60503990aecaebec7560e06d
parent	70cee781fc16c743ec3aa0ab441f1cb0254d4a8a (diff)
download	go-be7544be237b279e45be73963e84ab59916b8ac2.tar.gz go-be7544be237b279e45be73963e84ab59916b8ac2.zip