crypto/x509: Authority Key Identifier must be included in all CRLs issued - go - Fork of Go programming language with my patches.

diff options

author	Paul van Brouwershaven <paul@vanbrouwershaven.com>	2015-01-05 11:19:50 +0000
committer	Adam Langley <agl@golang.org>	2015-01-20 23:46:40 +0000
commit	4e7f06511ae6e5116be5223a865a3cfd2ebc6b9f (patch)
tree	5953cf3aafee3663ae418039bbe238b186fc972d /include
parent	cef15faafe5d15ba6242bad3504a52d287f78b88 (diff)
download	go-4e7f06511ae6e5116be5223a865a3cfd2ebc6b9f.tar.xz

crypto/x509: Authority Key Identifier must be included in all CRLs issued

According to RFC5280 the authority key identifier extension MUST included in all CRLs issued. This patch includes the authority key identifier extension when the Subject Key Identifier is present in the signing certificate. RFC5280 states: "The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL. The identification can be based on either the key identifier (the subject key identifier in the CRL signer's certificate) or the issuer name and serial number. This extension is especially useful where an issuer has more than one signing key, either due to multiple concurrent key pairs or due to changeover." Conforming CRL issuers MUST use the key identifier method, and MUST include this extension in all CRLs issued." This CL has been discussed at: http://golang.org/cl/177760043 Change-Id: I9bf50521908bfe777ea2398f154c13e8c90d14ad Reviewed-on: https://go-review.googlesource.com/2258 Reviewed-by: Adam Langley <agl@golang.org>

Diffstat (limited to 'include')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: