openssl/openssl

Misjudgment of CRL Distribution Points extension

Open

#26,161 创建于 2024年12月12日

在 GitHub 查看
 (3 评论) (0 反应) (1 负责人)C (11,262 fork)batch import
branch: masterhelp wantedtriaged: feature

仓库指标

Star
 (30,157 star)
PR 合并指标
 (30 天内没有已合并 PR)

描述

RFC5280 describes this extension as follows: When a conforming CA includes a cRLDistributionPoints extension in a certificate, it MUST include at least one DistributionPoint that points to a CRL that covers the certificate for all reasons. I provided a test case that included a CRL distribution point extension, but the extension value was empty, which does not comply with RFC5280. I used the this certificate to conduct a format conversion experiment.Golang throws error for certificate: invalid CRL distribution points, but openssl incorrectly conversion successful. cert.zip image

贡献者指南