Disable check of pre-cert poision value

Too many pre-certs in the logs with the wrong value :-(
2026-02-02 02:34:20 +01:00 · 2016-05-09 15:46:14 -07:00
parent 9342adcd93
commit e99ee481a4
1 changed files with 3 additions and 0 deletions
--- a/precerts.go
+++ b/precerts.go
@@ -77,9 +77,12 @@ func ValidatePrecert (precertBytes []byte, tbsBytes []byte) error {
 			if !precertExt.Critical {
 				return errors.New("pre-cert poison extension is not critical")
 			}
+			/* CAs can't even get this right, and Google's logs don't check.  Fortunately,
+			   it's not that important.
 			if !bytes.Equal(precertExt.Value, []byte{0x05, 0x00}) {
 				return errors.New("pre-cert poison extension contains incorrect value")
 			}
+			*/
 			precertHasPoison = true
 			continue
 		}