Thank you very much!
I think golang implement might be strict. Maybe I should use openssl or cgo
calling other language implement to parse it.
在 2019年7月24日星期三 UTC+8下午9:28:55,Amar Akshat写道:
>
> I think the extensions in your certificate might be invalid. Namely CRL
> Distribution Points: 2.5.29.31
>
> X509v3 CRL Distribution Points:
>
> SEQUENCE {
> 437 3: OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
> 442 1: OCTET STRING 00
>
> : } .
>
> Per the RFC https://www.ietf.org/rfc/rfc5280.txt,
> the cRLDistributionPoints has to respect a certain definition and is
> sequence of distributionPoint(s). In your case it seems to be empty.
> I could parse this certificate with Python's x509 library and openssl
> command as well, but I think these implementations might be lenient in
> parsing non-critical extensions.
>
> An example of valid cRLDistributionPoints extension would be:
>
> X509v3 CRL Distribution Points:
>
> Full Name:
> URI:ldap://www.example.com/ldap?DN=TEST
>
> Full Name:
> URI:http://www.example.com/crl/test.crl
>
>
>
> On Wed, 24 Jul 2019 at 11:09, Wei Tang <tomja...@gmail.com <javascript:>>
> wrote:
>
>> But in Java, the code below can parse the pem content, is there some
>> difference in x509 implemention between golang and java?
>>
>> import java.io.ByteArrayInputStream;
>> import java.security.cert.CertificateFactory;
>> import java.security.cert.X509Certificate;
>>
>>
>> public class SoterServerDemo {
>> public static void main(String[] args) {
>>
>> try {
>>
>> CertificateFactory factory =
>> CertificateFactory.getInstance("X.509");
>> X509Certificate askCertificate = (X509Certificate)
>> factory.generateCertificate(new ByteArrayInputStream("content of pem
>> file".getBytes()));
>>
>> } catch (Exception e) {
>> e.printStackTrace();
>> }
>> }
>> }
>>
>>
>>
>> 在 2019年7月24日星期三 UTC+8下午5:30:41,Wei Tang写道:
>>>
>>> Hi, I have a problem with x509.ParseCertificate.
>>>
>>> My code is:
>>> package main
>>>
>>> import (
>>> "crypto/x509"
>>> "encoding/pem"
>>> "fmt"
>>> )
>>>
>>> func main() {
>>> certPEM := `
>>> -----BEGIN CERTIFICATE-----
>>> MIID7jCCAtigAwIBAgIBATALBgkqhkiG9w0BAQswHTEbMBkGA1UEAxMSSHVhd2Vp
>>> IEtleVN0b3JlICAgMB4XDTE5MDcyNDA4NTQ0NFoXDTI5MDcyNDA4NTQ0NFowGjEY
>>> MBYGA1UEAxMPQSBLZXltYXN0ZXIgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
>>> MIIBCgKCAQEA8WS+DnC9JzGytDPpe3/GVY4xQx0bsPVP1Drf0n3eD+wq6U91QnjX
>>> vhyRXtguDBu8OM5Qc5h8wFIOAUTD4+U/QGLQ3pZN+DXVmwlSJjbx8yMjuiUwInhG
>>> uJ+xzhuEsNFCdxdyaNPmGhUycu09olL2/mcgDQFxusfr5jnnhU9VFv3/x1Y+7mVh
>>> kICFnCE3YQ4ufHOHroQIE0kxnfJF+DkgK1tkdIMHEvX5rJvaqtd0M7RY/PRrE0dE
>>> bYSlAlSAVqdjfLb0LF8tRTcjnIh4lg5NhqCWeAkGw8egUaNW1vFX6SeXrW6uJv2N
>>> OeHxi9VFG7ymaOqB4URS0wGQ6dzoYsx/iwIDAQABo4IBPjCCATowCwYDVR0PBAQD
>>> AgAAMAgGA1UdHwQBADCB9QYKKwYBBAHWeQIBEQSB5jCB4wIBAgoBAQIBAwoBAQR3
>>> eyJjcHVfaWQiOiJIVUFXRUlfSFdITUFfNmYwNzk3ZTQtMWFjNS00YjM3LWEyZTgt
>>> YzY2ZjQ2MTM0YjhlLTIyMzE5ZjcxIiwiY291bnRlciI6MTMsInVpZCI6IjEwNDE3
>>> IiwicnNhX3Bzc19zYWx0bGVuIjozMn0EADASv4N3AgUAv4U9CAIGAWwjMJ1KMEah
>>> CTEHAgUA/wEAAaIDAgEBowQCAggApQUxAwIBBKYFMQMCAQO/gUgFAgMBAAG/hT4D
>>> AgEAv4VBBQIDAV+Qv4VCBQIDAxSxMCkGCSsGAQQBj1seAgEBAAQZMBcCAQCiAwEB
>>> Ab+BSAswCaEHAwUABoAAgDALBgkqhkiG9w0BAQsDggEBAFZRjVpDqujJrwaZqycw
>>> VgrM/J1b2VcVKUPJ39eJXs2S/ur7yUlgSxRcpOufa3IF0XekOUyHTNIroWUz/xLb
>>> X6pv32PCMeavI/6ldl/zEJyy11PKX8ZrVfE05WiWUIJ6BwmDX+RtNjJSJ/xmwfDu
>>> dn0CAx5apWsCMYpcGXQ2g8DRGQpYVdJS/aOTlDHGdSdSesx0TbGL39gjfdDb851L
>>> spVFtcdoxw5nb0obwRItPBF+gHIh3xsYGGDN/EKSNN9YMja4MzgjTeLjNXjs1pXO
>>> f4Fm3OiOfSFnTJuJk/rKQ0TiW+p3EvuZ+tRT+iffJvhdvDAIp7I3pJjaoZw4xwHH
>>> Tr8=
>>> -----END CERTIFICATE-----`
>>> block, _ := pem.Decode([]byte(certPEM))
>>> if block == nil {
>>> panic("failed to parse certificate PEM")
>>> }
>>> cert, err := x509.ParseCertificate(block.Bytes)
>>> if err != nil {
>>> panic("failed to parse certificate: " + err.Error())
>>> }
>>> fmt.Println(cert)
>>> }
>>>
>>>
>>> but x509.ParseCertificate return err:
>>> panic: failed to parse certificate: asn1: syntax error: truncated tag or
>>> length
>>>
>>>
>>> What's wrong?
>>>
>>> Please help.
>>>
>>>
>>> --
>> You received this message because you are subscribed to the Google Groups
>> "golang-nuts" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to golan...@googlegroups.com <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/golang-nuts/d571a3cd-4d45-4373-b6e9-ad7b55b104ae%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/golang-nuts/d571a3cd-4d45-4373-b6e9-ad7b55b104ae%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>
>
> --
> - Cheers, Amar.
>
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/08b20321-cea5-4720-94e6-00983e991b68%40googlegroups.com.
