Do not add the CRL distribution points extension.

This extension is added by CloudCAS.
Mariano Cano 2020-09-21 17:09:46 -07:00
parent 38fa780775
commit 8e6d7accf8
2 changed files with 21 additions and 17 deletions


@ -21,6 +21,7 @@ var (
oidExtensionAuthorityKeyID = []int{2, 5, 29, 35} oidExtensionAuthorityKeyID = []int{2, 5, 29, 35}
oidExtensionBasicConstraints = []int{2, 5, 29, 19} oidExtensionBasicConstraints = []int{2, 5, 29, 19}
oidExtensionSubjectAltName = []int{2, 5, 29, 17} oidExtensionSubjectAltName = []int{2, 5, 29, 17}
oidExtensionCRLDistributionPoints = []int{2, 5, 29, 31}
oidExtensionCertificatePolicies = []int{2, 5, 29, 32} oidExtensionCertificatePolicies = []int{2, 5, 29, 32}
oidExtensionAuthorityInfoAccess = []int{1, 3, 6, 1, 5, 5, 7, 1, 1} oidExtensionAuthorityInfoAccess = []int{1, 3, 6, 1, 5, 5, 7, 1, 1}
) )
@ -32,6 +33,7 @@ var extraExtensions = [...]asn1.ObjectIdentifier{
oidExtensionAuthorityKeyID, // Added by CAS oidExtensionAuthorityKeyID, // Added by CAS
oidExtensionBasicConstraints, // Added in CertificateConfig.ReusableConfig oidExtensionBasicConstraints, // Added in CertificateConfig.ReusableConfig
oidExtensionSubjectAltName, // Added in CertificateConfig.SubjectConfig.SubjectAltName oidExtensionSubjectAltName, // Added in CertificateConfig.SubjectConfig.SubjectAltName
oidExtensionCRLDistributionPoints, // Added by CAS
oidExtensionCertificatePolicies, // Added in CertificateConfig.ReusableConfig oidExtensionCertificatePolicies, // Added in CertificateConfig.ReusableConfig
oidExtensionAuthorityInfoAccess, // Added in CertificateConfig.ReusableConfig and by CAS oidExtensionAuthorityInfoAccess, // Added in CertificateConfig.ReusableConfig and by CAS
} }
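Review bot: The new `oidExtensionCRLDistributionPoints` entry in `extraExtensions` means a CRL distribution points value set in the certificate template is dropped without any signal to the caller, and the comment `// Added by CAS` does not say so. Judging by Test_isExtraExtension, the OIDs in this list are the ones not forwarded as additional extensions; the function body is not visible on this page, so that is inferred. Because this extension tells relying parties where to check revocation, the comment should spell out the consequence, for example `oidExtensionCRLDistributionPoints, // Added by CAS; a value set in the template is ignored`. It is also worth confirming that issued certificates carry the distribution point set by CAS rather than none.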


@ -501,8 +501,9 @@ func Test_createReusableConfig(t *testing.T) {
// Extensions // Extensions
{"Extensions", args{&x509.Certificate{ExtraExtensions: []pkix.Extension{ {"Extensions", args{&x509.Certificate{ExtraExtensions: []pkix.Extension{
{Id: []int{1, 2, 3, 4}, Critical: true, Value: []byte("foobar")}, {Id: []int{1, 2, 3, 4}, Critical: true, Value: []byte("foobar")},
{Id: []int{2, 5, 29, 17}, Critical: true, Value: []byte("SANs")}, {Id: []int{2, 5, 29, 17}, Critical: true, Value: []byte("SANs")}, //
{Id: []int{4, 3, 2, 1}, Critical: false, Value: []byte("zoobar")}, {Id: []int{4, 3, 2, 1}, Critical: false, Value: []byte("zoobar")},
{Id: []int{2, 5, 29, 31}, Critical: false, Value: []byte("CRL Distribution points")},
}}}, withRCV(&pb.ReusableConfigValues{ }}}, withRCV(&pb.ReusableConfigValues{
AdditionalExtensions: []*pb.X509Extension{ AdditionalExtensions: []*pb.X509Extension{
{ObjectId: &pb.ObjectId{ObjectIdPath: []int32{1, 2, 3, 4}}, Critical: true, Value: []byte("foobar")}, {ObjectId: &pb.ObjectId{ObjectIdPath: []int32{1, 2, 3, 4}}, Critical: true, Value: []byte("foobar")},
@ -534,6 +535,7 @@ func Test_isExtraExtension(t *testing.T) {
{"oidExtensionAuthorityKeyID", args{oidExtensionAuthorityKeyID}, false}, {"oidExtensionAuthorityKeyID", args{oidExtensionAuthorityKeyID}, false},
{"oidExtensionBasicConstraints", args{oidExtensionBasicConstraints}, false}, {"oidExtensionBasicConstraints", args{oidExtensionBasicConstraints}, false},
{"oidExtensionSubjectAltName", args{oidExtensionSubjectAltName}, false}, {"oidExtensionSubjectAltName", args{oidExtensionSubjectAltName}, false},
{"oidExtensionCRLDistributionPoints", args{oidExtensionCRLDistributionPoints}, false},
{"oidExtensionCertificatePolicies", args{oidExtensionCertificatePolicies}, false}, {"oidExtensionCertificatePolicies", args{oidExtensionCertificatePolicies}, false},
{"oidExtensionAuthorityInfoAccess", args{oidExtensionAuthorityInfoAccess}, false}, {"oidExtensionAuthorityInfoAccess", args{oidExtensionAuthorityInfoAccess}, false},
{"other", args{[]int{1, 2, 3, 4}}, true}, {"other", args{[]int{1, 2, 3, 4}}, true},
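Review bot: The `Extensions` case in Test_createReusableConfig gains a bare trailing `//` on the `{Id: []int{2, 5, 29, 17}, ...}` entry, which reads like an unfinished comment. Either drop it or finish it, and annotate the new `{Id: []int{2, 5, 29, 31}, ...}` entry the same way so the table shows which inputs are expected to be filtered out, for example `// skipped, set through SubjectConfig` and `// skipped, added by CAS`. The expected `AdditionalExtensions` list continues past the end of that hunk, so the absence of the CRL distribution points entry from the output cannot be checked from this page.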