ocsp: add support for OCSP response extensions
Some current uses of OCSP require extensions. In particular, Certificate
Transparency (RFC 6962) can use an OCSP extension to carry a Signed
Certificate Timestamp. This patch adds support for OCSP extensions (in
particular, singleExtensions), by adding Extensions and ExtraExtensions
fields with the same semantics as in x509.Certificate.
As a side-effect, trying to parse a response with a critical extension
will now return an error, just like parsing a certificate.
This change does not enable extensions in OCSP requests, just responses.
Change-Id: I5918f26ea1bb9d1ece96e85a6bb7691c7c017467
Reviewed-on: https://go-review.googlesource.com/18202
Reviewed-by: Adam Langley <agl@golang.org>
2 files changed
