Skip to content

crypto/x509: ParseRevocationList accepts a GeneralName with an incorrect tag #73285

New issue
New issue
Open
Open
crypto/x509: ParseRevocationList accepts a GeneralName with an incorrect tag#73285
Labels
BugReportIssues describing a possible bug in the Go implementation.NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.
@onepeople158

Description

@onepeople158
onepeople158
opened on Apr 9, 2025

Go version

go version go1.24.2 linux/amd64

Output of go env in your module/workspace:

IDP Extension Flags:
 Only Contains User Certificates: false
 Only Contains CA Certificates: false
 Indirect CRL: false
Tag: 5
gn.Bytes [134 23 104 116 116 112 115 58 47 47 119 119 119 46 101 120 97 109 112 108 101 46 99 111 109]
[Entry 1] Distribution Point URI: https://www.example.com

What did you do?

In this CRL file, the GeneralName in the fullName of the distributionPoint in the IDP extension is tagged as a context-specific tag and simple encoding, with the tag value set to 5. This violates the RFC5280 specification.However, when I use Go to parse this CRL file,Go successfully extracts the URI value from the GeneralName without any errors. Is this a bug, or is it a feature of Go?

What did you see happen?

Go parsed a GeneralName with an incorrect tag.

What did you expect to see?

go_main.zip

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugReportIssues describing a possible bug in the Go implementation.NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions