Go version
go version go1.24.2 linux/amd64
Output of go env
in your module/workspace:
empty
What did you do?
Hello Developer, I successfully parsed a CRL file with an empty Key Identifier using Go. When I used GnuTLS to parse this CRL file, it returned an error: error: gnutls_x509_ext_import_authority_key_id: ASN1 parser: Error in DER parsing. Is this considered an error?
What did you see happen?
Code:
```go
package main

import (
	"crypto/x509"
	"encoding/asn1"
	"encoding/hex"
	"flag"
	"fmt"
	"math/big"
	"os"
)

func main() {
	crlFilePath := flag.String("crl", "", "Path to the CRL file")
	flag.Parse()
	if *crlFilePath == "" {
		fmt.Println("CRL file path is required")
		os.Exit(1)
	}

	// Read the DER-encoded CRL from disk.
	derBytes, err := os.ReadFile(*crlFilePath)
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}

	crl, err := x509.ParseRevocationList(derBytes)
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}

	// id-ce-authorityKeyIdentifier
	oidAuthorityKeyIdentifier := asn1.ObjectIdentifier{2, 5, 29, 35}
	for _, ext := range crl.Extensions {
		if ext.Id.Equal(oidAuthorityKeyIdentifier) {
			// Decode the raw extension value into the AKI fields.
			var aki struct {
				KeyIdentifier             []byte          `asn1:"optional,tag:0"`
				AuthorityCertIssuer       []asn1.RawValue `asn1:"optional,tag:1"`
				AuthorityCertSerialNumber *big.Int        `asn1:"optional,tag:2"`
			}
			if _, err := asn1.Unmarshal(ext.Value, &aki); err != nil {
				fmt.Printf("AKI error: %v\n", err)
				continue
			}
			if aki.KeyIdentifier != nil {
				fmt.Printf("%s\n", toColonHex(aki.KeyIdentifier))
			}
		}
	}
}

// toColonHex renders bytes as colon-separated hex, e.g. "de:ad:be:ef".
func toColonHex(data []byte) string {
	if len(data) == 0 {
		return ""
	}
	buf := make([]byte, 0, len(data)*3)
	for i, b := range data {
		if i > 0 {
			buf = append(buf, ':')
		}
		buf = append(buf, hex.EncodeToString([]byte{b})...)
	}
	return string(buf)
}
```
What did you expect to see?
Test Case:
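Added example, not part of the original issue and not Go project code: one way a caller could explicitly flag an Authority Key Identifier extension whose keyIdentifier is present but zero-length, the case described above. `CheckAKI`, the error values and the DER samples are hypothetical or constructed for this sketch, and rejecting an empty keyIdentifier is an assumed caller policy.

```go
package main

import (
	"encoding/asn1"
	"errors"
	"fmt"
)

// Hypothetical error values for this example.
var (
	ErrEmptyKeyID   = errors.New("AKI keyIdentifier is present but zero-length")
	ErrTrailingData = errors.New("trailing bytes after AKI SEQUENCE")
)

// authorityKeyID models only the [0] keyIdentifier field of the extension.
type authorityKeyID struct {
	KeyIdentifier []byte `asn1:"optional,tag:0"`
}

// CheckAKI decodes an AKI extension value and rejects an empty keyIdentifier
// (assumed policy). It returns (nil, nil) when the field is absent.
func CheckAKI(extValue []byte) ([]byte, error) {
	var aki authorityKeyID
	rest, err := asn1.Unmarshal(extValue, &aki)
	if err != nil {
		return nil, fmt.Errorf("AKI decode: %w", err)
	}
	if len(rest) != 0 {
		return nil, ErrTrailingData
	}
	// Absent field leaves the slice nil; an encoded empty OCTET STRING does not.
	if aki.KeyIdentifier != nil && len(aki.KeyIdentifier) == 0 {
		return nil, ErrEmptyKeyID
	}
	return aki.KeyIdentifier, nil
}

func main() {
	// Constructed DER samples, not taken from the issue's CRL.
	samples := map[string][]byte{
		"empty keyIdentifier":  {0x30, 0x02, 0x80, 0x00},
		"4-byte keyIdentifier": {0x30, 0x06, 0x80, 0x04, 0xde, 0xad, 0xbe, 0xef},
		"no keyIdentifier":     {0x30, 0x00},
	}
	for name, der := range samples {
		id, err := CheckAKI(der)
		fmt.Printf("%-22s id=%x err=%v\n", name, id, err)
	}
}
```

In the reporter's program, the same check could be applied to `ext.Value` for the extension with OID 2.5.29.35.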