Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(107)

Issue 177760043: x509: Authority Key Identifier must be included in all CRLs issued (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
10 years, 8 months ago by Paul van Brouwershaven
Modified:
10 years, 6 months ago
Reviewers:
agl1
Visibility:
Public.

Description

According to RFC5280 the authority key identifier extension MUST included in all CRLs issued. This patch includes the authority key identifier extension when the Subject Key Identifier is present in the signing certificate. RFC5280 states: "The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL. The identification can be based on either the key identifier (the subject key identifier in the CRL signer's certificate) or the issuer name and serial number. This extension is especially useful where an issuer has more than one signing key, either due to multiple concurrent key pairs or due to changeover." Conforming CRL issuers MUST use the key identifier method, and MUST include this extension in all CRLs issued."

Patch Set 1 #

Patch Set 2 : diff -r f60b128afd41217fa34662a5cbe1eb0b8c546e71 https://code.google.com/p/go #

Unified diffs Side-by-side diffs Delta from patch set Stats (+11 lines, -0 lines) Patch
M src/crypto/x509/x509.go View 1 1 chunk +11 lines, -0 lines 0 comments Download

Messages

Total messages: 2
Paul van Brouwershaven
According to RFC5280 the authority key identifier extension MUST included in all CRLs issued. This ...
10 years, 8 months ago (2014-11-14 17:47:39 UTC) #1
agl1
10 years, 8 months ago (2014-11-14 18:42:58 UTC) #2
LGTM.

However, I don't think that it should land until 1.4 is done.
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b