crypto/x509: ParseRevocationList accepts two AKI extensions

### Go version

go version go1.24.1 linux/amd64

### Output of `go env` in your module/workspace:

```shell
Extension OID: 2.5.29.35
Key Identifier: ef69e0f7d51de699ecdc6dd0f7e2b95c64718335
No Authority Cert Issuer
No Authority Cert Serial Number
Extension OID: 2.5.29.20
Extension OID: 2.5.29.35
Key Identifier: ef69e0f7d51de699ecdc6dd0f7e2b95c64718335
No Authority Cert Issuer
No Authority Cert Serial Number
```

### What did you do?

Go successfully parsed the AKI extension information from a CRL file that contains two AKI extensions. However, this test case does not comply with the RFC 5280 specification, which states that a specific extension can only have one instance.

### What did you see happen?

Go successfully parsed the AKI extension information from a CRL file that contains two AKI extensions. 

### What did you expect to see?

[crl_two_aki.zip](https://github.com/user-attachments/files/19459520/crl_two_aki.zip)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

crypto/x509: ParseRevocationList accepts two AKI extensions #73051

Go version

Output of `go env` in your module/workspace:

What did you do?

What did you see happen?

What did you expect to see?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Participants

crypto/x509: ParseRevocationList accepts two AKI extensions #73051

Description

Go version

Output of go env in your module/workspace:

What did you do?

What did you see happen?

What did you expect to see?

Activity

dmitshur commented on Mar 26, 2025

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Participants

Issue actions

Output of `go env` in your module/workspace: