Open minaevmike opened 7 years ago
Revocation time in the template is not set. This is not an optional field. Now, I can't remember how asn1 package handled zero time value. Maybe it have changed in 1.8
Also, could you please post the ans1 encoded blob (output.ocsp) ? And result of openssl asn1parse -inform DER -i -in output.ocsp
It would be nice to have the blobs from go 1.7 and 1.8, but the 1.8 one should be enough.
After i set revocation time to ocsp response template it works fine on 1.8.
go 1.8
# openssl asn1parse -inform DER -i -in output.ocsp
0:d=0 hl=4 l= 395 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: ENUMERATED :00
7:d=1 hl=4 l= 388 cons: cont [ 0 ]
11:d=2 hl=4 l= 384 cons: SEQUENCE
15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response
26:d=3 hl=4 l= 369 prim: OCTET STRING [HEX DUMP]:3082016D3081CFA15630543125302306035504030C1C6365727469666965645F757365725F303040737075746E696B2E7275312B302906092A864886F70D010901161C6365727469666965645F757365725F303040737075746E696B2E7275180F32303137303330333131303930305A30643062303C300906052B0E03021A05000414DF5285CF5D3A227FA6C1DA395A17E2240BC2DD6F041424816C3961BE490F8FB71B462BC928B527486D68020301E1B9180F32303137303330323131303931325AA011180F32303137303331303131303931325A300A06082A8648CE3D04030403818C00308188024200FE9B0ED7D52A401779CCF11087E1E5B37ABCD60F0D0B98B135F04407AC9E762DDBAA7B4A1379C430BC7783BB21945EE39AEA90E92C24D35C8DFB92025B4A19CEE6024201725141D272B823FC1B1C5D3F8C6CC7B1D76A5A8B993D6C31B49CC0098BFE97D1E5E86DBEC68D72EDCA796B96C41A1D7F7E2F55D7C48ED56948256C31A887BA4E1D
go 1.7
# openssl asn1parse -inform DER -i -in go17output.ocsp
0:d=0 hl=4 l= 413 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: ENUMERATED :00
7:d=1 hl=4 l= 406 cons: cont [ 0 ]
11:d=2 hl=4 l= 402 cons: SEQUENCE
15:d=3 hl=2 l= 9 prim: OBJECT :Basic OCSP Response
26:d=3 hl=4 l= 387 prim: OCTET STRING [HEX DUMP]:3082017F3081E2A15630543125302306035504030C1C6365727469666965645F757365725F303040737075746E696B2E7275312B302906092A864886F70D010901161C6365727469666965645F757365725F303040737075746E696B2E7275180F32303137303330333131313430305A30773075303C300906052B0E03021A05000414DF5285CF5D3A227FA6C1DA395A17E2240BC2DD6F041424816C3961BE490F8FB71B462BC928B527486D68020301E1B9A111180F30303031303130313030303030305A180F32303137303330323131313430335AA011180F32303137303331303131313430335A300A06082A8648CE3D04030403818B003081870241394250CE9E9F60FC2B720923810F700E4041BF23973AD015829FF6E5DAF66F2F68F0BE0CC6A25AA1AA6F78F3FC90FC6791B189EA03F141E32E7F906322F8E6DEFD024200F5A61C7AAAB234DE14E01EDDD4F1230138E68723E479D1B6052357C0064B0AF30A17EC1A68DC0C16ECEC6F265B975F5140D735FD77C2461F18C2F944B6A3428E03
I am not sure that it is bug in go
asn1
or it's inx/ocsp
What version of Go are you using (
go version
)?i am using go version
go1.8 linux/amd64
and go versiongo1.7.5 linux/amd64
What operating system and processor architecture are you using (
go env
)?What did you do?
i am generating ocsp response with
golang.org/x/crypto/ocsp
witch useasn1
inside. And after upgrading to go1.8 i have this problems.when i run this code on go 1.8 i have no errors, but when i am trying to read this response with openssl i have an error
but if i run same code with go1.7 it works fine and openssl run without errors.
Also i found that if i set
remplate.RevocationReason
to non zero value it also works good on go1.8