crypto/x509

Certificates with an Email ... failed parsing cause of @ versus ASN1 + InsecureSkipVerify never checkNeedsInvestigation

#52964 opened 6 days ago by OlivierMary

checkSignature why the loop doesn't `break` after finding `algo`?NeedsFix

#52955 opened 1 week ago by dchaofei

macOS flakes due to "certificate is not standards compliant"BuildersNeedsInvestigationOS-Darwinrelease-blocker

#52854 opened 1 week ago by neild

pkix.Name.String() does not preserve correct order NeedsInvestigation

#52462 opened 1 month ago by bjanders

provide method for generating conformant serial numbersProposalProposal-Crypto

#52444 opened 1 month ago by rolandshoemaker

verification with system and custom roots (backport to 1.17?)NeedsDecision

#52370 opened 1 month ago by dims

come up with better solution for testing platform verifiersNeedsFix

#52108 opened 1 month ago by rolandshoemaker

go1.18 stops returning typed errors when using system roots on darwinNeedsInvestigation

#52010 opened 1 month ago by liggitt

"certificate is not standards compliant" on MacOSNeedsInvestigationOS-Darwin

#51991 opened 1 month ago by dims

VerifyOptions.Roots does not enforce that certificates are root certificatesNeedsDecision

#51953 opened 2 months ago by haydentherapper

TestHybridPool failures on Windows with `x509: certificate signed by unknown authority`NeedsInvestigationOS-Windowsrelease-blocker

#51599 opened 2 months ago by bcmills

malformed x509 certificate is accepted since 1.17NeedsDecision

#51369 opened 2 months ago by bitmingw

wrong result checking signature of CSR with unordered multi-value RDNNeedsDecision

#49519 opened 6 months ago by defacto64

unable to parse Attribute CertificateNeedsInvestigation

#49270 opened 6 months ago by salrashid123

invalid RDNSequence: invalid attribute value: unsupported string type: 4NeedsInvestigation

#48371 opened 8 months ago by c00w

unable to parse certificate with rsassa-pss algorithmNeedsInvestigation

#48314 opened 8 months ago by jpduckwo

inner and outer signature algorithm identifiers don't matchNeedsInvestigation

#47689 opened 9 months ago by groob

support OIDs for tcg-kp (2.23.133.8)NeedsInvestigation

#47620 opened 9 months ago by tracefinder

can't verify signature on RSA-PSS certificate requests it createdNeedsInvestigation

#45990 opened 1 year ago by ycongal-smile

add a PKITS testNeedsFixTestinghelp wanted

#45857 opened 1 year ago by FiloSottile

store stripped down trust anchorsNeedsInvestigation

#44298 opened 1 year ago by rolandshoemaker

add crypto/x509/rootcerts package and rootcerts tag to embed CA root certificates in programProposalProposal-Crypto

#43958 opened 1 year ago by breml

Export wrong parse function errorProposalProposal-Crypto

#43780 opened 1 year ago by joeshaw

decryption of PEM file failure not being caughtProposalProposal-Crypto

#43504 opened 1 year ago by pschou

ParseCertificate and ParseCertificates return different errors with a single bad certificate suppliedNeedsInvestigation

#43113 opened 1 year ago by LujunWeng

add ability to reload root certificatesNeedsDecisionProposal-Crypto

#41888 opened 2 years ago by dtoubelis

reject SHA-1 signatures in VerifyNeedsFixProposalProposal-AcceptedProposal-CryptoSecurity

#41682 opened 2 years ago by FiloSottile

Google Cloud SQL TLS connections broken in Go 1.15+NeedsInvestigation

#40748 opened 2 years ago by kristiandrucker

check the Key Usage extensionNeedsFix

#40100 opened 2 years ago by FiloSottile

implement OCSP verifierProposalProposal-CryptoProposal-Hold

#40017 opened 2 years ago by FiloSottile

Trust relationship of certs returned by 'x509.SystemCertPool()' is ambiguousNeedsInvestigation

#39540 opened 2 years ago by stephen-fox

add support for PBES2 private keysNeedsInvestigationProposal

#39241 opened 2 years ago by shibe2

Can 'CertPool.contains()' be made public?NeedsInvestigation

#39179 opened 2 years ago by stephen-fox

stop looking at first root storeNeedsFix

#38869 opened 2 years ago by FiloSottile

failed to parse Intermediate CA certificateNeedsInvestigation

#38737 opened 2 years ago by sebastien-rosset

support policyQualifiers in certificatePolicies extensionNeedsInvestigation

#38116 opened 2 years ago by rolandshoemaker

certificate validation in Windows fails to validate IP in SANNeedsInvestigationOS-Windows

#37176 opened 2 years ago by ihgann

Convenient, efficient way to reload a certificate pool after on-disk changesNeedsInvestigation

#35887 opened 2 years ago by wking

select a certificate store for systemVerify on WindowsNeedsInvestigationOS-Windows

#34977 opened 2 years ago by SeanBurford

expose hash algorithm for SignatureAlgorithmNeedsInvestigationProposalProposal-Crypto

#33317 opened 2 years ago by bodgit

unable to parse certificate parsable by JavaNeedsDecision

#33259 opened 2 years ago by tomjamescn

ability to add custom curve when parsing X509 certificateProposalProposal-CryptoProposal-Hold

#32874 opened 2 years ago by trung

unexpected name mismatch errorNeedsInvestigationUnfortunate

#31440 opened 3 years ago by sneis

ObjectIdentifier and ParseCertificate do not support int > 31 bits, preventing support of OID 2.25 (/UUID) (follow-up on #19933)NeedsInvestigation

#30757 opened 3 years ago by vpelletier

RSAES-OAEP supportFeatureRequestNeedsInvestigation

#30416 opened 3 years ago by DenisKarch

DN OU orderingNeedsInvestigation

#29040 opened 3 years ago by rikkuness

verify checks root certificateNeedsInvestigation

#28971 opened 3 years ago by vit3k

reduce memory usage when parsing system root certs?NeedsInvestigationPerformance

#26731 opened 3 years ago by bradfitz

doc: clarify package is aimed towards Web PKI support DocumentationNeedsFix

#26624 opened 3 years ago by adamdecaf

ensure CreateCertificate won't generate unparsable certificatesNeedsFixTestinghelp wanted

#24156 opened 4 years ago by FiloSottile

Provide a mechanism for accessing SRVNamesProposalProposal-AcceptedProposal-Crypto

#21789 opened 4 years ago by SamWhited

AKI is left blank even for non-self-signed cert when subject matches CA's subject fieldNeedsInvestigation

#20002 opened 5 years ago by mikesmitty

CertificateRequest does not support attributes not covered by pkix.AttributeTypeAndValueSET

#15995 opened 6 years ago by groob

support DirectoryName name constraintsNeedsDecision

#15196 opened 6 years ago by vanbroup

no support for parsing encrypted PKCS8 private keysFeatureRequest

#8860 opened 7 years ago by gopherbot

add more detail to the error message arising from a missing hash function.NeedsFixhelp wanted

#7735 opened 8 years ago by agl