crypto/x509: add RevocationList and CreateRevocationList

[rolandshoemaker]

The existing Certificate.CreateCRL method generates non-conformant CRLs and
as such cannot be used for implementations that require standards
compliance. This change implements a new top level method, CreateCRL, which
generates compliant CRLs, and offers an extensible API if any
extensions/fields need to be supported in the future.

Here is an example Issuer/CRL generated using this change:
-----BEGIN CERTIFICATE-----
MIIBNjCB3aADAgECAgEWMAoGCCqGSM49BAMCMBIxEDAOBgNVBAMTB3Rlc3Rpbmcw
IhgPMDAwMTAxMDEwMDAwMDBaGA8wMDAxMDEwMTAwMDAwMFowEjEQMA4GA1UEAxMH
dGVzdGluZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLHrudbSM36sn1VBrmm/
OfQTyEsI4tIUV1VmneOKHL9ENBGCiec4GhQm2SGnDT/sZy2bB3c3yozh/roS6cZJ
UZqjIDAeMA4GA1UdDwEB/wQEAwIBAjAMBgNVHQ4EBQQDAQIDMAoGCCqGSM49BAMC
A0gAMEUCIQCoAYN6CGZPgd5Sw5a1rd5VexciT5MCxTfXj+ZfJNfoiAIgQVCTB8AE
Nm2xset7+HOgtQYlKNw/rGd8cFcv5Y9aUzo=
-----END CERTIFICATE-----
-----BEGIN X509 CRL-----
MIHWMH0CAQEwCgYIKoZIzj0EAwIwEjEQMA4GA1UEAxMHdGVzdGluZxgPMDAwMTAx
MDIwMDAwMDBaGA8wMDAxMDEwMzAwMDAwMFowFjAUAgECGA8wMDAxMDEwMTAxMDAw
MFqgHjAcMA4GA1UdIwQHMAWAAwECAzAKBgNVHRQEAwIBBTAKBggqhkjOPQQDAgNJ
ADBGAiEAjqfj/IG4ys5WkjrbTNpDbr+saHGO/NujLJotlLL9KzgCIQDm8VZPzj0f
NYEQgAW4nsiUzlvEUCoHMw0141VCZXv67A==
-----END X509 CRL-----

Fixes #35428

[gopherbot]

This PR (HEAD: 1da2356) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/go/+/217298 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

Message from Gobot Gobot:

Patch Set 1:

Congratulations on opening your first change. Thank you for your contribution!

Next steps:
Within the next week or so, a maintainer will review your change and provide
feedback. See https://golang.org/doc/contribute.html#review for more info and
tips to get your patch through code review.

Most changes in the Go project go through a few rounds of revision. This can be
surprising to people new to the project. The careful, iterative review process
is our way of helping mentor contributors and ensuring that their contributions
have a lasting impact.

During May-July and Nov-Jan the Go project is in a code freeze, during which
little code gets reviewed or merged. If a reviewer responds with a comment like
R=go1.11, it means that this CL will be reviewed as part of the next development
cycle. See https://golang.org/s/release for more details.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Paul van Brouwershaven:

Patch Set 1:

(2 comments)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Emmanuel Odeke:

Patch Set 1: Run-TryBot+1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Gobot Gobot:

Patch Set 1:

TryBots beginning. Status page: https://farmer.golang.org/try?commit=687d1666

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Gobot Gobot:

Patch Set 1: TryBot-Result+1

TryBots are happy.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

This PR (HEAD: 03be885) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/go/+/217298 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

Message from Roland Shoemaker:

Patch Set 1:

(2 comments)

Thanks for the review Paul, I've addressed both of your comments.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Paul van Brouwershaven:

Patch Set 2: Code-Review+1

(2 comments)

LGTM

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Bilal Ashraf:

Patch Set 2:

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

This PR (HEAD: 3aaef85) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/go/+/217298 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

Message from Roland Shoemaker:

Patch Set 2:

(1 comment)

Seems reasonable to allow setting SignatureAlgorithm, done.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

This PR (HEAD: f0cdbcd) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/go/+/217298 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

This PR (HEAD: 8eabd2f) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/go/+/217298 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

Message from Paul van Brouwershaven:

Patch Set 5:

Should we add a ParseRevocationList function to the new RevocationList type, currently it only exposes a CreateRevocationList function but naturally I would also expose a parse for this new type.

I would also like to suggest to include the RawIssuer similar to the Certificate type.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Filippo Valsorda:

Patch Set 5: Run-TryBot+1

(10 comments)

LGTM with some docs comments, and making sure we are handling the zero length case correctly.

Can you drop in the commit message a issuer / CRL pair we can verify with OpenSSL?

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Gobot Gobot:

Patch Set 5:

TryBots beginning. Status page: https://farmer.golang.org/try?commit=2657199f

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Gobot Gobot:

Patch Set 5: TryBot-Result+1

TryBots are happy.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

This PR (HEAD: c83a601) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/go/+/217298 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[gopherbot]

Message from Roland Shoemaker:

Patch Set 7:

Patch Set 5: Run-TryBot+1

(10 comments)

LGTM with some docs comments, and making sure we are handling the zero length case correctly.

Can you drop in the commit message a issuer / CRL pair we can verify with OpenSSL?

I think I hit all these comments, and added an extra test case or two.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Roland Shoemaker:

Patch Set 7:

(9 comments)

(Always forget to publish my drafts ._.)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Filippo Valsorda:

Patch Set 7: Run-TryBot+1 Code-Review+2

Patch Set 7:

Patch Set 5: Run-TryBot+1

(10 comments)

LGTM with some docs comments, and making sure we are handling the zero length case correctly.

Can you drop in the commit message a issuer / CRL pair we can verify with OpenSSL?

I think I hit all these comments, and added an extra test case or two.

$ openssl crl -in crl.pem -CAfile ca.pem
verify OK

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Gobot Gobot:

Patch Set 7:

TryBots beginning. Status page: https://farmer.golang.org/try?commit=d93e9761

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Gobot Gobot:

Patch Set 7: TryBot-Result+1

TryBots are happy.

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/217298.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

This PR is being closed because golang.org/cl/217298 has been merged.