crypto/x509: Correction of incrorrect default version number in...

crypto/x509: Correction of incrorrect default version number in TBSCertificateList and Certificate.CreateCRL

RFC5280 states:

"This optional field describes the version of the encoded CRL.  When
 extensions are used, as required by this profile, this field MUST be
 present and MUST specify version 2 (the integer value is 1)."

This CL has been discussed at: http://golang.org/cl/172560043

Change-Id: I8a72d7593d5ca6714abe9abd6a37437c3b69ab0f
Reviewed-on: https://go-review.googlesource.com/2259Reviewed-by: Adam Langley <agl@golang.org>

src/crypto/x509/pkix/pkix.go

@@ -160,7 +160,7 @@ func (certList *CertificateList) HasExpired(now time.Time) bool {
 // 5280, section 5.1.
 type TBSCertificateList struct {
 	Raw                 asn1.RawContent
-	Version             int `asn1:"optional,default:2"`
+	Version             int `asn1:"optional,default:1"`
 	Signature           AlgorithmIdentifier
 	Issuer              RDNSequence
 	ThisUpdate          time.Time

src/crypto/x509/x509.go

@@ -1575,7 +1575,7 @@ func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts [
 		return nil, errors.New("x509: non-RSA private keys not supported")
 	}
 	tbsCertList := pkix.TBSCertificateList{
-		Version: 2,
+		Version: 1,
 		Signature: pkix.AlgorithmIdentifier{
 			Algorithm: oidSignatureSHA1WithRSA,
 		},