crypto/x509
using a parsed certificate as a Template and clearing PolicyIdentifiers might not remove themNeedsInvestigationrelease-blocker
#64248 opened 2 weeks ago by mateusz834
#64012 opened 3 weeks ago by mateusz834
code signing certificates fail to verify in macOS Ventura and later NeedsInvestigationOS-DarwinWaitingForInfo
#63995 opened 3 weeks ago by sinukus
Allow to pass flags to syscall.CertGetCertificateChain, when using TLS Transport under WindowsNeedsInvestigationOS-WindowsProposalProposal-Crypto
#63238 opened 2 months ago by jkroepke
TestPlatformVerifierLegacy failuresNeedsInvestigation
#62912 opened 2 months ago by gopherbot
AKI (Authority Key Id) exclusion logic is brokenNeedsInvestigation
#62060 opened 3 months ago by furkanmustafa
#62048 opened 3 months ago by rsc
#61576 opened 4 months ago by rolandshoemaker
RevocationList.CheckSignatureFrom doesn't check SubjectNeedsInvestigation
#60728 opened 5 months ago by thierry-f-78
#60718 opened 5 months ago by dachaac
go mod tidy reports certificate expired on a non-expired certificateNeedsInvestigation
#60653 opened 5 months ago by ysmilda
CreateRevocationList over-enforces KeyUsage checkNeedsInvestigation
#59669 opened 7 months ago by cipherboy
ParseCertificate should mention the ownership of the slice passed to it.DocumentationNeedsInvestigation
#59548 opened 7 months ago by mateusz834
Certificate.Verify rejects self-signed leafNeedsInvestigation
#58792 opened 9 months ago by rittneje
Certificate.Verify does not consistently return UnknownAuthorityErrorNeedsInvestigation
#58777 opened 9 months ago by rittneje
#58635 opened 9 months ago by FiloSottile
#58251 opened 10 months ago by rolandshoemaker
#57461 opened 11 months ago by hujun-open
#57428 opened 11 months ago by dmitshur
#56866 opened 1 year ago by izolight
TestPlatformVerifier failures on Windows due to broken connectionsNeedsInvestigationOS-WindowsSecurity
#56791 opened 1 year ago by gopherbot
HTTP POST to Italian government web service fails with "x509: unhandled critical extension" error on Linux hostNeedsInvestigation
#55872 opened 1 year ago by genesio-systemlogic
Verification of ECDSA signed x509 cert, sanitized to LowS certs fails verification with go 1.19NeedsInvestigation
#54549 opened 1 year ago by C0rWin
#53841 opened 1 year ago by hherman1
pkix.Name.String() does not preserve correct order NeedsInvestigation
#52462 opened 2 years ago by bjanders
#52444 opened 2 years ago by rolandshoemaker
#52108 opened 2 years ago by rolandshoemaker
#51991 opened 2 years ago by dims
#51953 opened 2 years ago by haydentherapper
malformed x509 certificate is accepted since 1.17NeedsDecision
#51369 opened 2 years ago by bitmingw
#49519 opened 2 years ago by defacto64
unable to parse Attribute CertificateNeedsInvestigation
#49270 opened 2 years ago by salrashid123
invalid RDNSequence: invalid attribute value: unsupported string type: 4NeedsInvestigation
#48371 opened 2 years ago by c00w
unable to parse certificate with rsassa-pss algorithmNeedsInvestigation
#48314 opened 2 years ago by jpduckwo
inner and outer signature algorithm identifiers don't matchNeedsInvestigation
#47689 opened 2 years ago by groob
support OIDs for tcg-kp (2.23.133.8)NeedsInvestigation
#47620 opened 2 years ago by tracefinder
can't verify signature on RSA-PSS certificate requests it createdNeedsInvestigation
#45990 opened 2 years ago by ycongal-smile
#45857 opened 2 years ago by FiloSottile
store stripped down trust anchorsNeedsInvestigation
#44298 opened 2 years ago by rolandshoemaker
#43780 opened 2 years ago by joeshaw
ParseCertificate and ParseCertificates return different errors with a single bad certificate suppliedNeedsInvestigation
#43113 opened 3 years ago by LujunWeng
#41888 opened 3 years ago by dtoubelis
#41682 opened 3 years ago by FiloSottile
check the Key Usage extensionNeedsFix
#40100 opened 3 years ago by FiloSottile
#40017 opened 3 years ago by FiloSottile
#39540 opened 3 years ago by stephen-fox
Can 'CertPool.contains()' be made public?NeedsInvestigation
#39179 opened 3 years ago by stephen-fox
stop looking at first root storeNeedsFix
#38869 opened 3 years ago by FiloSottile
failed to parse Intermediate CA certificateNeedsInvestigation
#38737 opened 3 years ago by sebastien-rosset
support policyQualifiers in certificatePolicies extensionNeedsInvestigation
#38116 opened 3 years ago by rolandshoemaker
#37176 opened 3 years ago by ihgann
#35887 opened 4 years ago by wking
#34977 opened 4 years ago by SeanBurford
unable to parse certificate parsable by JavaNeedsDecision
#33259 opened 4 years ago by tomjamescn
#32874 opened 4 years ago by trung
#31440 opened 4 years ago by sneis
ObjectIdentifier and ParseCertificate do not support int > 31 bits, preventing support of OID 2.25 (/UUID) (follow-up on #19933)NeedsInvestigation
#30757 opened 4 years ago by vpelletier
#30416 opened 4 years ago by DenisKarch
DN OU orderingNeedsInvestigation
#29040 opened 5 years ago by rikkuness
verify checks root certificateNeedsInvestigation
#28971 opened 5 years ago by vit3k
#26731 opened 5 years ago by bradfitz
#24156 opened 5 years ago by FiloSottile
#21789 opened 6 years ago by SamWhited
AKI is left blank even for non-self-signed cert when subject matches CA's subject fieldNeedsInvestigation
#20002 opened 6 years ago by mikesmitty
#15995 opened 7 years ago by groob
#15196 opened 7 years ago by vanbroup
no support for parsing encrypted PKCS8 private keysFeatureRequest
#8860 opened 9 years ago by gopherbot
#7735 opened 9 years ago by agl