[go] crypto/x509: Authority Key Identifier must be included in all CRLs issued


Paul van Brouwershaven (Gerrit)

Jan 5, 2015, 11:06:16 AM
to golang-co...@googlegroups.com
Paul van Brouwershaven uploaded a change:
https://go-review.googlesource.com/2258

crypto/x509: Authority Key Identifier must be included in all CRLs issued

According to RFC5280 the authority key identifier extension MUST be included
in all CRLs issued. This patch includes the authority key identifier
extension when the Subject Key Identifier is present in the signing
certificate.

RFC5280 states:

"The authority key identifier extension provides a means of identifying the
public key corresponding to the private key used to sign a CRL. The
identification can be based on either the key identifier (the subject key
identifier in the CRL signer's certificate) or the issuer name and serial
number. This extension is especially useful where an issuer has more than
one signing key, either due to multiple concurrent key pairs or due to
changeover."

"Conforming CRL issuers MUST use the key identifier method, and MUST include
this extension in all CRLs issued."

This CL has been discussed at: http://golang.org/cl/177760043

Change-Id: I9bf50521908bfe777ea2398f154c13e8c90d14ad
---
0 files changed, 0 insertions(+), 0 deletions(-)




--
https://go-review.googlesource.com/2258

Adam Langley (Gerrit)

Jan 12, 2015, 5:07:54 PM
to Paul van Brouwershaven, golang-co...@googlegroups.com
Adam Langley has posted comments on this change.

crypto/x509: Authority Key Identifier must be included in all CRLs issued

Patch Set 1:

There's no code change in this CL :)

--
https://go-review.googlesource.com/2258
Gerrit-Reviewer: Adam Langley <a...@golang.org>
Gerrit-HasComments: No

Paul van Brouwershaven (Gerrit)

Jan 20, 2015, 8:55:04 AM
to Adam Langley, golang-co...@googlegroups.com
Paul van Brouwershaven uploaded a new patch set:
https://go-review.googlesource.com/2258

crypto/x509: Authority Key Identifier must be included in all CRLs issued

According to RFC5280 the authority key identifier extension MUST be included
in all CRLs issued. This patch includes the authority key identifier
extension when the Subject Key Identifier is present in the signing
certificate.

RFC5280 states:

"The authority key identifier extension provides a means of identifying the
public key corresponding to the private key used to sign a CRL. The
identification can be based on either the key identifier (the subject key
identifier in the CRL signer's certificate) or the issuer name and serial
number. This extension is especially useful where an issuer has more than
one signing key, either due to multiple concurrent key pairs or due to
changeover."

"Conforming CRL issuers MUST use the key identifier method, and MUST include
this extension in all CRLs issued."

This CL has been discussed at: http://golang.org/cl/177760043

Change-Id: I9bf50521908bfe777ea2398f154c13e8c90d14ad
---
M src/crypto/x509/x509.go
1 file changed, 11 insertions(+), 0 deletions(-)


--
https://go-review.googlesource.com/2258
Gerrit-Reviewer: Adam Langley <a...@golang.org>

Adam Langley (Gerrit)

Jan 20, 2015, 6:46:39 PM
to Paul van Brouwershaven, golang-co...@googlegroups.com
Adam Langley has posted comments on this change.

crypto/x509: Authority Key Identifier must be included in all CRLs issued

Patch Set 2: Code-Review+2

--
https://go-review.googlesource.com/2258
Gerrit-Reviewer: Adam Langley <a...@golang.org>
Gerrit-HasComments: No

Adam Langley (Gerrit)

Jan 20, 2015, 6:46:43 PM
to Paul van Brouwershaven, golang-...@googlegroups.com, golang-co...@googlegroups.com
Adam Langley has submitted this change and it was merged.

crypto/x509: Authority Key Identifier must be included in all CRLs issued

According to RFC5280 the authority key identifier extension MUST be included
in all CRLs issued. This patch includes the authority key identifier
extension when the Subject Key Identifier is present in the signing
certificate.

RFC5280 states:

"The authority key identifier extension provides a means of identifying the
public key corresponding to the private key used to sign a CRL. The
identification can be based on either the key identifier (the subject key
identifier in the CRL signer's certificate) or the issuer name and serial
number. This extension is especially useful where an issuer has more than
one signing key, either due to multiple concurrent key pairs or due to
changeover."

"Conforming CRL issuers MUST use the key identifier method, and MUST include
this extension in all CRLs issued."

This CL has been discussed at: http://golang.org/cl/177760043

Change-Id: I9bf50521908bfe777ea2398f154c13e8c90d14ad
Reviewed-on: https://go-review.googlesource.com/2258
Reviewed-by: Adam Langley <a...@golang.org>
---
M src/crypto/x509/x509.go
1 file changed, 11 insertions(+), 0 deletions(-)

Approvals:
Adam Langley: Looks good to me, approved
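
Added example, not part of this thread or of the Go change under review: a relying-party check that uses the CRL's authority key identifier to pick the right CA key when one issuer name has two keys (the changeover case the RFC text mentions), then verifies the signature. The names `must`, `issue` and `selectSigner`, the "Example CA" subject and the one-byte key identifiers are constructed for illustration; the sketch assumes a Go release whose `crypto/x509` provides `ParseRevocationList`, `RevocationList.AuthorityKeyId` and `CheckSignatureFrom` (Go 1.19 or later).

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on error; acceptable here because every input is constructed below.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue returns a constructed CA (sample data) and an empty CRL it signed; the CRL's AKI is the CA's SKI.
func issue(ski []byte) (*x509.Certificate, *x509.RevocationList) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	now := time.Now()
	c := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, SubjectKeyId: ski}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, c, c, &key.PublicKey, key))))
	r := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(time.Hour)}
	return ca, must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, r, ca, key))))
}

// selectSigner picks the CA whose SKI equals the CRL's AKI and verifies the CRL signature with it.
func selectSigner(crl *x509.RevocationList, cas ...*x509.Certificate) (*x509.Certificate, error) {
	for _, ca := range cas {
		if len(crl.AuthorityKeyId) > 0 && bytes.Equal(ca.SubjectKeyId, crl.AuthorityKeyId) {
			return ca, crl.CheckSignatureFrom(ca)
		}
	}
	return nil, fmt.Errorf("no CA key matches CRL authority key identifier %x", crl.AuthorityKeyId)
}

func main() {
	oldCA, _ := issue([]byte{0xA1})   // key before changeover
	newCA, crl := issue([]byte{0xB2}) // key after changeover, same issuer name
	signer, err := selectSigner(crl, oldCA, newCA)
	fmt.Printf("signer SKI=%x err=%v\n", signer.SubjectKeyId, err)
}
```

A CRL with no authority key identifier, or one whose identifier points at a key that did not sign it, is rejected with an error rather than being tried against every key that shares the issuer name.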