Description
What version of Go are you using (go version)?
1.18
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (go env)?
go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOOS="darwin"
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GOVCS=""
GOVERSION="go1.18.3"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/ql/l3trxc6s4d3bjs8ks9s3k7zw0000gn/T/go-build3444320077=/tmp/go-build -gno-record-gcc-switches -fno-common"
What did you do?
I am trying to create a revocation list with the following code:
    revocationList := x509.RevocationList{
        RevokedCertificates: removeDups(list),
        Number:              crlNumber, // +1 on every update
        ThisUpdate:          time.Now(),
        NextUpdate:          time.Now().Add(1 * time.Minute),
    }
    crlBytes, err := x509.CreateRevocationList(rand.Reader, &revocationList, caCert, caKey)
    // create the pem
    crlPem := pem.EncodeToMemory(&pem.Block{
        Type:  PEMx509CRLBlock,
        Bytes: crlBytes,
    })
The RevokedCertificates is as follows:
    [
      {
        "SerialNumber": 97,
        "RevocationTime": "2022-07-17T04:46:04Z",
        "Extensions": null
      },
      {
        "SerialNumber": 117,
        "RevocationTime": "2022-07-17T05:17:22Z",
        "Extensions": null
      },
      {
        "SerialNumber": 118,
        "RevocationTime": "2022-07-17T07:46:12Z",
        "Extensions": null
      },
      {
        "SerialNumber": 119,
        "RevocationTime": "2022-07-17T07:56:26Z",
        "Extensions": null
      }
    ]
What did you expect to see?
I am expecting to see the revoked serial number in the PEM.
What did you see instead?
Content of openssl crl -noout -in crl.pem -text:
    Certificate Revocation List (CRL):
            Version 2 (0x1)
            Signature Algorithm: sha256WithRSAEncryption
            Issuer: /C=/ST=/L=/O=/OU=/CN=3rd time after cleaning up
            Last Update: Jul 17 08:21:09 2022 GMT
            Next Update: Jul 17 08:22:09 2022 GMT
            CRL extensions:
                X509v3 Authority Key Identifier:
                    keyid:4C:10:E5:BC:4A:F2:D7:1A:E8:F9:40:02:DA:D0:B9:55:24:38:50:90
                X509v3 CRL Number:
                    21
    Revoked Certificates:
        Serial Number: 61
            Revocation Date: Jul 17 04:46:04 2022 GMT
        Serial Number: 75
            Revocation Date: Jul 17 05:17:22 2022 GMT
        Serial Number: 76
            Revocation Date: Jul 17 07:46:12 2022 GMT
        Serial Number: 77
            Revocation Date: Jul 17 07:56:26 2022 GMT
        Signature Algorithm: sha256WithRSAEncryption
The content of the crl.pem is as follows
One of the online decoders I used, however, shows the correct number:
Version: 2
IssuerDN: C=,ST=,L=,O=,OU=,CN=3rd time after cleaning up
This update: Sun Jul 17 08:21:09 UTC 2022
Next update: Sun Jul 17 08:22:09 UTC 2022
Signature Algorithm: SHA256WITHRSA
Extensions:
critical(false) 2.5.29.35 value = Sequence
Tagged [0] IMPLICIT
DER Octet String[20]
critical(false) CRLNumber: 21
userCertificate: 119
revocationDate: Sun Jul 17 07:56:26 UTC 2022
certificateIssuer: null
userCertificate: 118
revocationDate: Sun Jul 17 07:46:12 UTC 2022
certificateIssuer: null
userCertificate: 117
revocationDate: Sun Jul 17 05:17:22 UTC 2022
certificateIssuer: null
userCertificate: 97
revocationDate: Sun Jul 17 04:46:04 UTC 2022
certificateIssuer: null
PS: Maybe it's my code that's wrong; if it is, please enlighten me.
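
The two listings above differ only in number base: openssl crl -text prints revoked serial numbers in hexadecimal, and 0x61, 0x75, 0x76, 0x77 are 97, 117, 118, 119 in decimal. The Go program below is an added example, not code from the report or from the Go project; the issuer, key and the helper names buildCRL and serialViews are constructed for illustration. It signs a CRL with the same four serials, parses it back, and renders each serial in both bases.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// buildCRL signs a CRL over the given serials with a throwaway issuer (constructed here).
func buildCRL(serials []int64) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	issuer := &x509.Certificate{ // stand-in CA: needs crlSign and a subject key id
		Subject:      pkix.Name{CommonName: "example CA"},
		KeyUsage:     x509.KeyUsageCRLSign,
		SubjectKeyId: []byte{1, 2, 3, 4},
	}
	now := time.Now()
	tmpl := &x509.RevocationList{Number: big.NewInt(21), ThisUpdate: now, NextUpdate: now.Add(time.Minute)}
	for _, s := range serials {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: now})
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, issuer, key)
}

// serialViews parses the DER CRL and renders each revoked serial in decimal and in hex.
func serialViews(der []byte) (dec, hex []string, err error) {
	crl, err := x509.ParseRevocationList(der)
	if err != nil {
		return nil, nil, err
	}
	for _, rc := range crl.RevokedCertificates {
		dec = append(dec, rc.SerialNumber.String())          // what Go and the JSON above show
		hex = append(hex, fmt.Sprintf("%X", rc.SerialNumber)) // what openssl crl -text shows
	}
	return dec, hex, nil
}

func main() {
	der, err := buildCRL([]int64{97, 117, 118, 119})
	dec, hex, perr := serialViews(der)
	fmt.Println("decimal:", dec, "hex:", hex, err, perr)
}
```

When comparing a generated CRL against a CA database, compare the serials as integers (for example with big.Int.Cmp) rather than as the strings a tool prints.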