Open dulanshuangqiao opened 2 hours ago
Related Issues and Documentation
(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)
Go version
go version go1.18.1 linux/amd64
Output of
go env
in your module/workspace:GO111MODULE="" GOARCH="amd64" GOBIN="" GOCACHE="/home/liu/.cache/go-build" GOENV="/home/liu/.config/go/env" GOEXE="" GOEXPERIMENT="" GOFLAGS="" GOHOSTARCH="amd64" GOHOSTOS="linux" GOINSECURE="" GOMODCACHE="/home/liu/go/pkg/mod" GONOPROXY="" GONOSUMDB="" GOOS="linux" GOPATH="/home/liu/go" GOPRIVATE="" GOPROXY="https://proxy.golang.org,direct" GOROOT="/usr/lib/go-1.18" GOSUMDB="sum.golang.org" GOTMPDIR="" GOTOOLDIR="/usr/lib/go-1.18/pkg/tool/linux_amd64" GOVCS="" GOVERSION="go1.18.1" GCCGO="gccgo" GOAMD64="v1" AR="ar" CC="gcc" CXX="g++" CGO_ENABLED="1" GOMOD="/dev/null" GOWORK="" CGO_CFLAGS="-g -O2" CGO_CPPFLAGS="" CGO_CXXFLAGS="-g -O2" CGO_FFLAGS="-g -O2" CGO_LDFLAGS="-g -O2" PKG_CONFIG="pkg-config" GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build3649475886=/tmp/go-build -gno-record-gcc-switches"
What did you do?
I use x509.ParseCertificate(derBytes) to parse a der certificate which has two aki extensions Test Cases.zip
What did you see happen?
The test case was parsed successfully
What did you expect to see?
This test case does not comply with the RFC5280 specification: 4.2 Introduction: "A certificate MUST NOT include more than one instance of a particular extension. For example, a certificate may contain only one authority key identifier extension (Section 4.2.1.1)." Is this a defect? As a comparison, the Bouncycastle function X509CertificateHolder(derBytes) in the Java language throws an error: repeated extension found: 2.5.29.35
Duplicate of #50988
Go version
go version go1.18.1 linux/amd64
Output of
go env
in your module/workspace:What did you do?
I use x509.ParseCertificate(derBytes) to parse a der certificate which has two aki extensions Test Cases.zip
What did you see happen?
The test case was parsed successfully
What did you expect to see?
This test case does not comply with the RFC5280 specification: 4.2 Introduction: "A certificate MUST NOT include more than one instance of a particular extension. For example, a certificate may contain only one authority key identifier extension (Section 4.2.1.1)." Is this a defect? As a comparison, the Bouncycastle function X509CertificateHolder(derBytes) in the Java language throws an error: repeated extension found: 2.5.29.35