Hello all
I am using go crypto libs to create x509 certificate requests (CSR) and
certificates. I noticed that CSR template extra extensions become CSR
template attributes in case I need to marshal / unmarshal csr templates.
For instance, below is a simple code that shows this behaviour:
cr := &x509.CertificateRequest{
Version: 0,
SignatureAlgorithm: getSignatureAlgorithm(),
PublicKeyAlgorithm: getPublicKeyAlgorithm(),
DNSNames: getDNSNames(),
IPAddresses: getIPAddresses(),
ExtraExtensions: getExtraExtensions(),
}
fmt.Printf("********* CSR With extra extensions %+v\n",
cr.ExtraExtensions)
csr, err = x509.CreateCertificateRequest(rand.Reader, cr, privKey)
if err != nil {
return nil, nil, err
}
csrTemplate, err = x509.ParseCertificateRequest(csr)
if err != nil {
return nil, nil, err
}
fmt.Printf("********* CSR Without extra extensions %+v\n",
csrTemplate.ExtraExtensions)
fmt.Printf("********* CSR attributes %+v\n", csrTemplate.Attributes)
As can be seen, the code creates a template (x509.CertificateRequest) and
adds a value for the ExtraExtensions which is printed on the first fmt
call. Then, it calls the method x509.CreateCertificateRequest and
x509.ParseCertificateRequest. After that, the code prints again however now
the ExtraExtensions value is empty while the Attributes have the expected
value.
Is there a reason for it? Based on the crypto documentation, Attributes
field for CertificateRequest is deprecated.
Mauro
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/e3ca2f71-2b16-4735-ad43-fa4d12293fc8n%40googlegroups.com.
