NOT A CONTRIBUTION
The SignedCertificateTimestamp value parses the whole thing regardless of the version number. RFC 6962 only defines what V1 looks like. The comparable OpenSSL struct has a field that contains the raw encoded SCT in the event that the version is not V1, and only fills in the other fields for V1.
Given that we don't know what V2 would look like, OpenSSL's approach of assuming that the only field we know will exist in V2 is the version field seems like the right approach. With the way x509-parser is doing it, if a V2 SCT ever shows up and cannot be decoded the way V1 is (which seems likely, otherwise why change the version), the entire list of SCTs will fail to parse.
NOT A CONTRIBUTION
The
SignedCertificateTimestampvalue parses the whole thing regardless of the version number. RFC 6962 only defines what V1 looks like. The comparable OpenSSL struct has a field that contains the raw encoded SCT in the event that the version is not V1, and only fills in the other fields for V1.Given that we don't know what V2 would look like, OpenSSL's approach of assuming that the only field we know will exist in V2 is the version field seems like the right approach. With the way x509-parser is doing it, if a V2 SCT ever shows up and cannot be decoded the way V1 is (which seems likely, otherwise why change the version), the entire list of SCTs will fail to parse.