encoding/asn1: requiring DER for Boolean is too strict for some certificates

[dtertman]

ASN.1 / X.690 has two very different standards for Boolean in BER and DER. BER says

If the boolean value is
TRUE
the octet shall have any non-zero value, as a sender's option.
(8.2)
and DER says
If the encoding represents the boolean value TRUE, its single contents octet shall have all eight bits set to one.
(11.1)

Go 1.4.2 follows the DER rule (see https://github.com/golang/go/blob/master/src/encoding/asn1/asn1.go#L57) , with the additional requirement (not stated in the spec) that FALSE is 0x00.

All certificate authorities I have seen generate DER-compliant values. Some tools, though, generate certificates that seem to follow BER here, instead. Here is an example PEM:

-----BEGIN CERTIFICATE-----
MIIDATCCAemgAwIBAgIQOgJHM+7r/xvxxeliFvXjeDANBgkqhkiG9w0BAQUFADAq
MRMwEQYDVQQKEwpXV0dyYWluZ2VyMRMwEQYDVQQDEwpHcmFpbmdlckNBMB4XDTA5
MTAwNjE5MjYyN1oXDTE0MTAwNjE5MjYyN1owKjETMBEGA1UEChMKV1dHcmFpbmdl
cjETMBEGA1UEAxMKR3JhaW5nZXJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAK9f9Sd0psEPBeu4nbbLMfSoKXz/kEmX2RAQfMTemYs9XK9VtOGI8eSg
dLUoF5XIk0fztiaNdHc7mBsgF4Ji94k804kN171knxCpYP2VVDgDH4q9/lU8ZfnT
lHOWyzTjlq8UwoA56Ss5rBVH/6mHESNgVumSAWpZgWPZjicfwyItXPBePIjZTP0C
iWh4Ay23EHPvVvQiPGzFQXgDtRE6AriQltY7/F+KNvlb/Ha8VI5dgGB2RHRwA2Xx
fLsidCN05G3Jo8RkCjN/Wr3epder32/cjGFrmWk8TfJWxkYew8KX+hbBewNfBsCC
Dmcj3KCkCp1Waee/uw8ATw8cHpRsik0CAwDh3aMjMCEwDgYDVR0PAQH/BAQDAgGG
MA8GA1UdEwEB/wQFMAMBAQEwDQYJKoZIhvcNAQEFBQADggEBAEg2pybpiFgdc7dz
Yku+Pf87cZbKMY6IEFwCIa0t+SUQ2R/gjzoWFJgkGmg0haoCBjD0bO+CROOoS/k0
z+hTvhHQsGIZVExguP9hOzgHEYQFpPPO5pmveJVqP6AD94DCfOFBSPu6F+fmo4Jl
SilbQhZ87SkF0MG3+Js1df1JTm083sCJvGSKD/kmy/8AtCyrTW/e9cYw3TLUdGY7
E230B9A5EcWpzZreO1qBcwuA7hmvhyGDQmz6yx16mgpr23tgMpGVs/JnRiOS+xDV
5rjYnn8DpSc7qr7LoZtfLjZZ/JUyrt4AIx+ZuvUjuNTZN7+IU4l2W5V+wHjuIrRt
A+MgdxE=
-----END CERTIFICATE-----

This certificate has the value 0x01 for TRUE in the critical extension BasicConstraints. asn1.go throws a syntax error on it and prevents connection to any server using this CA.

OpenSSL's x509 mode, Python, and Java all successfully evaluate this certificate. Checking source for them shows that they are following the more relaxed BER rules for booleans - anything other than a 0 is TRUE. I believe Go should be able to as well.

[dtertman]

Pushed the fix : https://go-review.googlesource.com/#/c/10802/

[gopherbot]

CL https://golang.org/cl/10802 mentions this issue.

[agl]

No thanks. We've parsed millions of certificates with Go and this issue hasn't come up before. While I don't doubt that some certificates have encoding bugs, this isn't so prevalent that we should mirror the bug in Go. The fact that OpenSSL is lax is due to it's fundamental confusion between DER and BER going back many years. That's something that I'll have to remember to test when we update the certificate building in Chrome.