src/crypto/x509/x509.go | 24 ------------------------ src/crypto/x509/x509_test.go | 4 ---- diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go index 42d8158d63ce75052e0b74eea7f62d33143434f6..8c0299b11e9b5ad606591c38304cc8f2c3684437 100644 --- a/src/crypto/x509/x509.go +++ b/src/crypto/x509/x509.go @@ -1997,15 +1997,6 @@ Value: sanBytes, }) } - if template.KeyUsage != 0 && - !oidInExtensions(oidExtensionKeyUsage, template.ExtraExtensions) { - ext, err := marshalKeyUsage(template.KeyUsage) - if err != nil { - return nil, err - } - ret = append(ret, ext) - } - return append(ret, template.ExtraExtensions...), nil } @@ -2371,7 +2362,6 @@ Version int Signature []byte SignatureAlgorithm SignatureAlgorithm - KeyUsage KeyUsage PublicKeyAlgorithm PublicKeyAlgorithm PublicKey interface{} @@ -2501,15 +2491,6 @@ // - DNSNames // - EmailAddresses // - IPAddresses // - URIs -// - KeyUsage -// - ExtKeyUsage -// - UnknownExtKeyUsage -// - BasicConstraintsValid -// - IsCA -// - MaxPathLen -// - MaxPathLenZero -// - SubjectKeyId -// - PolicyIdentifiers // - ExtraExtensions // - Attributes (deprecated) // @@ -2731,11 +2712,6 @@ for _, extension := range out.Extensions { switch { case extension.Id.Equal(oidExtensionSubjectAltName): out.DNSNames, out.EmailAddresses, out.IPAddresses, out.URIs, err = parseSANExtension(extension.Value) - if err != nil { - return nil, err - } - case extension.Id.Equal(oidExtensionKeyUsage): - out.KeyUsage, err = parseKeyUsageExtension(extension.Value) if err != nil { return nil, err } diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go index d5c7ec466b852d3baef3ecfb6503e262eecf5ada..51dda16815b0bb13d7bb6eb9c817ef203edd1c75 100644 --- a/src/crypto/x509/x509_test.go +++ b/src/crypto/x509/x509_test.go @@ -2977,7 +2977,6 @@ DNSNames: []string{"example.com", "example.org"}, EmailAddresses: []string{"a@example.com", "b@example.com"}, IPAddresses: []net.IP{net.IPv4(192, 0, 2, 0), net.IPv6loopback}, URIs: []*url.URL{urlA, urlB}, - KeyUsage: KeyUsageCertSign, } out := marshalAndParseCSR(t, in) @@ -2994,8 +2993,5 @@ t.Fatalf("Unexpected IPAddresses: got %v, want %v", out.IPAddresses, in.IPAddresses) } if !reflect.DeepEqual(in.URIs, out.URIs) { t.Fatalf("Unexpected URIs: got %v, want %v", out.URIs, in.URIs) - } - if in.KeyUsage != out.KeyUsage { - t.Fatalf("Unexpected KeyUsage: got %v, want %v", out.KeyUsage, in.KeyUsage) } }