diff --git a/cmd/ceremony/cert.go b/cmd/ceremony/cert.go
index 0fcf6ce1f..d0da70f37 100644
--- a/cmd/ceremony/cert.go
+++ b/cmd/ceremony/cert.go
@@ -318,12 +318,6 @@ func makeTemplate(randReader io.Reader, profile *certProfile, pubKey []byte, tbc
 }
 for _, policyConfig := range profile.Policies {
- asnOID, err := parseOID(policyConfig.OID)
- if err != nil {
- return nil, err
- }
- cert.PolicyIdentifiers = append(cert.PolicyIdentifiers, asnOID)
-
 x509OID, err := x509.ParseOID(policyConfig.OID)
 if err != nil {
 return nil, fmt.Errorf("failed to parse %s as OID: %w", policyConfig.OID, err)
diff --git a/cmd/ceremony/cert_test.go b/cmd/ceremony/cert_test.go
index eb98ff2f8..7d62819a7 100644
--- a/cmd/ceremony/cert_test.go
+++ b/cmd/ceremony/cert_test.go
@@ -127,7 +127,6 @@ func TestMakeTemplateRoot(t *testing.T) {
 test.AssertEquals(t, len(cert.IssuingCertificateURL), 1)
 test.AssertEquals(t, cert.IssuingCertificateURL[0], profile.IssuerURL)
 test.AssertEquals(t, cert.KeyUsage, x509.KeyUsageDigitalSignature|x509.KeyUsageCRLSign)
- test.AssertEquals(t, len(cert.PolicyIdentifiers), 2)
 test.AssertEquals(t, len(cert.Policies), 2)
 test.AssertEquals(t, len(cert.ExtKeyUsage), 0)
diff --git a/cmd/cert-checker/main_test.go b/cmd/cert-checker/main_test.go
index ba59c8edc..e6a53f4c3 100644
--- a/cmd/cert-checker/main_test.go
+++ b/cmd/cert-checker/main_test.go
@@ -591,14 +591,11 @@ func TestIgnoredLint(t *testing.T) {
 Subject: pkix.Name{
 CommonName: "CPU's Cool CA",
 },
- SerialNumber: serial,
- NotBefore: time.Now(),
- NotAfter: time.Now().Add(testValidityDuration - time.Second),
- KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
- ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
- PolicyIdentifiers: []asn1.ObjectIdentifier{
- {1, 2, 3},
- },
+ SerialNumber: serial,
+ NotBefore: time.Now(),
+ NotAfter: time.Now().Add(testValidityDuration - time.Second),
+ KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+ ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
 Policies: []x509.OID{x509OID},
 BasicConstraintsValid: true,
 IsCA: true,
diff --git a/issuance/cert.go b/issuance/cert.go
index c4d8ffeab..1502f3c7b 100644
--- a/issuance/cert.go
+++ b/issuance/cert.go
@@ -305,7 +305,6 @@ func (i *Issuer) requestValid(clk clock.Clock, prof *Profile, req *IssuanceReque
 }
 // Baseline Requirements, Section 7.1.6.1: domain-validated
-var domainValidatedASN1OID = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 1}
 var domainValidatedOID = func() x509.OID {
 x509OID, err := x509.OIDFromInts([]uint64{2, 23, 140, 1, 2, 1})
 if err != nil {
@@ -322,8 +321,7 @@ func (i *Issuer) generateTemplate() *x509.Certificate {
 IssuingCertificateURL: []string{i.issuerURL},
 BasicConstraintsValid: true,
 // Baseline Requirements, Section 7.1.6.1: domain-validated
- PolicyIdentifiers: []asn1.ObjectIdentifier{domainValidatedASN1OID},
- Policies: []x509.OID{domainValidatedOID},
+ Policies: []x509.OID{domainValidatedOID},
 }
 return template
diff --git a/issuance/cert_test.go b/issuance/cert_test.go
index c617bd878..90e227e46 100644
--- a/issuance/cert_test.go
+++ b/issuance/cert_test.go
@@ -9,7 +9,6 @@ import (
 "crypto/rsa"
 "crypto/x509"
 "crypto/x509/pkix"
- "encoding/asn1"
 "encoding/base64"
 "fmt"
 "reflect"
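Review bot: In `generateTemplate` (issuance/cert.go, hunk `@@ -322,8 +321,7 @@`) the certificatePolicies extension now depends on `Policies` alone, and nothing visible in this change states or tests the condition under which `x509.CreateCertificate` honours that field. As far as I know the standard library marshals `Policies` only when the `x509usepolicies` GODEBUG setting is 1 (the default from Go 1.24, and tied to the `go` line of the main module) and otherwise reads `PolicyIdentifiers`, so a build with the older default would presumably issue certificates without the Baseline Requirements domain-validated OID. I would add a comment above the field such as `// Relies on GODEBUG x509usepolicies=1 (default since Go 1.24); PolicyIdentifiers is no longer populated.` and a test that parses a signed certificate and asserts the policy OID is present in the DER, since the visible `TestGenerateTemplate` expectation only compares template structs. The same reliance applies to `makeTemplate` in cmd/ceremony/cert.go and `makeIssuer` in linter/linter.go; all three function bodies extend beyond their hunks.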
@@ -336,7 +335,6 @@ func TestGenerateTemplate(t *testing.T) {
 IssuingCertificateURL: []string{"http://issuer"},
 OCSPServer: []string{"http://ocsp"},
 CRLDistributionPoints: nil,
- PolicyIdentifiers: []asn1.ObjectIdentifier{domainValidatedASN1OID},
 Policies: []x509.OID{domainValidatedOID},
 }
diff --git a/linter/linter.go b/linter/linter.go
index 249e5ab91..522dd5ee5 100644
--- a/linter/linter.go
+++ b/linter/linter.go
@@ -194,7 +194,6 @@ func makeIssuer(realIssuer *x509.Certificate, lintSigner crypto.Signer) (*x509.C
 PermittedEmailAddresses: realIssuer.PermittedEmailAddresses,
 PermittedIPRanges: realIssuer.PermittedIPRanges,
 PermittedURIDomains: realIssuer.PermittedURIDomains,
- PolicyIdentifiers: realIssuer.PolicyIdentifiers,
 Policies: realIssuer.Policies,
 SerialNumber: realIssuer.SerialNumber,
 Subject: realIssuer.Subject,