crypto/x509

New Issue

rewrite the parser to use x/crypto/cryptobyteNeedsFixearly-in-cycle

#44299 opened 2 weeks ago by rolandshoemaker

store stripped down trust anchorsNeedsInvestigationearly-in-cycle

#44298 opened 2 weeks ago by rolandshoemaker

Certificate.CheckSignatureFrom() inconsistency with OpenSSL NeedsFix

#44237 opened 2 weeks ago by zzma

add crypto/x509/rootcerts package and rootcerts tag to embed CA root certificates in programProposalProposal-Crypto

#43958 opened 1 month ago by breml

Export wrong parse function errorProposalProposal-Crypto

#43780 opened 1 month ago by joeshaw

decryption of PEM file failure not being caughtProposalProposal-Crypto

#43504 opened 1 month ago by pschou

ParseCertificate and ParseCertificates return different errors with a single bad certificate suppliedNeedsInvestigation

#43113 opened 2 months ago by LujunWeng

consider removing support for signing with RSA-MD5NeedsInvestigationProposal-Crypto

#42125 opened 4 months ago by rolandshoemaker

add ability to reload root certificatesNeedsDecisionProposal-Crypto

#41888 opened 4 months ago by dtoubelis

stop verifying SHA-1 signaturesNeedsInvestigationSecurity

#41682 opened 5 months ago by FiloSottile

Google Cloud SQL TLS connections broken in Go 1.15+NeedsInvestigation

#40748 opened 6 months ago by kristiandrucker

check the Key Usage extensionNeedsFix

#40100 opened 7 months ago by FiloSottile

implement OCSP verifierProposalProposal-CryptoProposal-Hold

#40017 opened 8 months ago by FiloSottile

Trust releationship of certs returned by 'x509.SystemCertPool()' is ambiguousNeedsInvestigation

#39540 opened 8 months ago by stephen-fox

add support for PBES2 private keysNeedsInvestigationProposal

#39241 opened 9 months ago by shibe2

Can 'CertPool.contains()' be made public?NeedsInvestigation

#39179 opened 9 months ago by stephen-fox

properly handle errSecInvalidTrustSettings in macOS rootsNeedsInvestigationOS-Darwin

#38888 opened 10 months ago by FiloSottile

stop looking at first root storeNeedsFix

#38869 opened 10 months ago by FiloSottile

update bundled iOS rootsNeedsFixrecurringrelease-blocker

#38843 opened 10 months ago by FiloSottile

failed to parse Intermediate CA certificateNeedsInvestigation

#38737 opened 10 months ago by sebastien-rosset

support policyQualifiers in certificatePolicies extensionNeedsInvestigation

#38116 opened 11 months ago by rolandshoemaker

check that private key matches the issuerNeedsFix

#37845 opened 11 months ago by shoobyban

certificate validation in Windows fails to validate IP in SANNeedsInvestigationOS-Windows

#37176 opened 1 year ago by ihgann

Convenient, efficient way to reload a certificate pool after on-disk changesNeedsInvestigation

#35887 opened 1 year ago by wking

untrusted intermediates are not used on macOSNeedsInvestigationOS-Darwin

#35631 opened 1 year ago by mariusgrigoriu

enable deep copy of x509.CertPoolNeedsInvestigation

#35044 opened 1 year ago by wbl

select a certificate store for systemVerify on WindowsNeedsInvestigationOS-Windows

#34977 opened 1 year ago by SeanBurford

expose hash algorithm for SignatureAlgorithmNeedsInvestigationProposalProposal-Crypto

#33317 opened 2 years ago by bodgit

unable to parse certificate parsable by JavaNeedsDecision

#33259 opened 2 years ago by tomjamescn

ability to add custom curve when parsing X509 certificateProposalProposal-CryptoProposal-Hold

#32874 opened 2 years ago by trung

unexpected name mismatch errorNeedsInvestigationUnfortunate

#31440 opened 2 years ago by sneis

ObjectIdentifier and ParseCertificate do not support int > 31 bits, preventing support of OID 2.25 (/UUID) (follow-up on #19933)NeedsInvestigation

#30757 opened 2 years ago by vpelletier

RSAES-OAEP supportFeatureRequestNeedsInvestigation

#30416 opened 2 years ago by DenisKarch

DN OU orderingNeedsInvestigation

#29040 opened 2 years ago by rikkuness

verify checks root certificateNeedsInvestigation

#28971 opened 2 years ago by vit3k

reduce memory usage when parsing system root certs?NeedsInvestigationPerformance

#26731 opened 2 years ago by bradfitz

doc: clarify package is aimed towards Web PKI support DocumentationNeedsFix

#26624 opened 2 years ago by adamdecaf

http.Response.TLS.VerifiedChains behavior changed in go1.9NeedsInvestigation

#24685 opened 2 years ago by nolith

ensure CreateCertificate won't generate unparsable certificatesNeedsFixTestinghelp wanted

#24156 opened 3 years ago by FiloSottile

NameConstraintsWithoutSANs when checking signing certificateNeedsFix

#24151 opened 3 years ago by thsnr

Provide a mechanism for accessing SRVNamesProposalProposal-AcceptedProposal-Crypto

#21789 opened 3 years ago by SamWhited

does not notice if an RSA SignatureAlgorithm is missing parametersNeedsFix

#21118 opened 3 years ago by agl

AKI is left blank even for non-self-signed cert when subject matches CA's subject fieldNeedsInvestigation

#20002 opened 3 years ago by mikesmitty

TestSystemVerify failures on windows-386-2008 builderBuildersOS-WindowsTestinghelp wanted

#19564 opened 4 years ago by josharian

FetchPEMRoots on macOS takes 20 seconds when there are a lot of trust settingsNeedsInvestigationOS-Darwin

#19561 opened 4 years ago by tbodt

make SystemCertPool work on Windows?NeedsFixOS-Windowshelp wanted

#16736 opened 4 years ago by bradfitz

CertificateRequest does not support attributes not covered by pkix.AttributeTypeAndValueSET

#15995 opened 4 years ago by groob

support DirectoryName name constraintsNeedsDecision

#15196 opened 4 years ago by vanbroup

no support for parsing encrypted PKCS8 private keysFeatureRequest

#8860 opened 6 years ago by gopherbot

add more detail to the error message arising from a missing hash function.NeedsFixhelp wanted

#7735 opened 7 years ago by agl