crypto/x509: ignore non-critical email constraints

Previously we tried to parse email constraints as the maximum base distance (which is unused and must be omitted according to RFC 5280) because they share the same tag number. Rather than complicate the code further, this CL just ignores the unused values. R=golang-dev, bradfitz CC=golang-dev https://golang.org/cl/6552044

crypto/x509: ignore non-critical email constraints
Previously we tried to parse email constraints as the maximum base distance (which is unused and must be omitted according to RFC 5280) because they share the same tag number. Rather than complicate the code further, this CL just ignores the unused values. R=golang-dev, bradfitz CC=golang-dev https://golang.org/cl/6552044
be11889a · Adam Langley · 036640fa · be11889a
Commit be11889a authored Sep 20, 2012 by Adam Langley
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 3 deletions

x509.go src/pkg/crypto/x509/x509.go +1 -3

No files found.
--- a/src/pkg/crypto/x509/x509.go
+++ b/src/pkg/crypto/x509/x509.go
@@ -613,8 +613,6 @@ type nameConstraints struct {

 type generalSubtree struct {
 	Name string `asn1:"tag:2,optional,ia5"`
-	Min  int    `asn1:"optional,tag:0"`
-	Max  int    `asn1:"optional,tag:1"`
 }

 func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{}, error) {
@@ -831,7 +829,7 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 				}

 				for _, subtree := range constraints.Permitted {
-					if subtree.Min > 0 || subtree.Max > 0 || len(subtree.Name) == 0 {
+					if len(subtree.Name) == 0 {
 						if e.Critical {
 							return out, UnhandledCriticalExtension{}
 						}