-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/x509/pkix: Handle emailAddress OID #78
Conversation
This limitation exists in upstream Go too. Earlier reports:
Could you come up with any tests for this if it is important? If possible, you could also submit a proposal upstream. Edit: RFC 5280 (https://tools.ietf.org/html/rfc5280#page-116) defines:
and also in https://tools.ietf.org/html/rfc5280#section-4.1.2.6
I think more work is needed if this field is intended to be fully supported for validation purposes. Is it possible to modify the user instead of stdlib? |
Thanks, @Lekensteyn, for providing some context for this change.
Given (1) this feature is deprecated by RFC5280 and (2) it has been proposed and rejected before, I don't think we should try to upstream this change.
Can you be more specific about what changes are needed? Is it just that you want to see some tests, or are you concerned about the side-effects for users of crypto/x509/pkix?
This is certainly possible, but it would take some doing. To be clear, the goal is to replicate a feature of boringSSL that we need for our server: https://boringssl.googlesource.com/boringssl/+/refs/heads/master/include/openssl/nid.h#303 |
Both, I was originally concerned about side-effects, but on a quick look there shouldn't be any except those that are strict about the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One comment about the chosen value in the tests, LGTM otherwise.
c4c46f9
to
c0c26f5
Compare
Adds support for the emailAddress OID.