crypto/x509

reconsider the expansion of CertificateRequestNeedsFixrelease-blocker

#43477 opened 3 weeks ago by AGWA

IsEncryptedPEMBlock returns false on valid encrypted keys. ParseRawPrivateKeyWithPassphrase fails on PKCS8 format encrypted key.DocumentationNeedsFix

#41949 opened 3 months ago by HarikrishnanBalagopal

consider hardcoding RSA PSS paramemtersNeedsDecision

#41407 opened 4 months ago by rolandshoemaker

CreateCertificate should return a meaningful error instead of panic when passed an unknown ExtKeyUsageNeedsFix

#41169 opened 4 months ago by rolandshoemaker

support P-192FeatureRequestNeedsInvestigation

#41035 opened 5 months ago by cespare

AKID and issuer SKID are not checked to matchNeedsInvestigation

#40679 opened 5 months ago by PeterNovotney

Update test case in verify_testNeedsInvestigationTesting

#40604 opened 5 months ago by SparrowLii

CreateCertificate should maybe check the signatures it generatesNeedsInvestigation

#40458 opened 6 months ago by rolandshoemaker

corporate proxy: certificate signed by unknown authorityNeedsInvestigation

#40370 opened 6 months ago by wrschneider

Certificate.Verify method seemingly ignoring EKU requirements on Windows [Go 1.14]CherryPickApprovedSecurity

#40210 opened 6 months ago by katiehockman

Certificate.Verify method seemingly ignoring EKU requirements on Windows [Go 1.13]CherryPickApprovedSecurity

#40209 opened 6 months ago by katiehockman

Go 1.15 will break default connections to AWS RDSNeedsDecisionrelease-blocker

#39568 opened 7 months ago by kevinburkemeter

exporting staticlib with ios_sdk failed with CGO_ENABLED=1NeedsInvestigationmobile

#39503 opened 7 months ago by nodece

SKID generation is over full spki, rather than just the subjectPublicKeyNeedsFix

#39429 opened 7 months ago by rolandshoemaker

Certificate.Verify method seemingly ignoring EKU requirements on WindowsNeedsFixOS-Windows

#39360 opened 7 months ago by niallnsec

build tag "ios" broken at tip on darwin/amd64NeedsFixmobilerelease-blocker

#38710 opened 9 months ago by bradfitz

CGO_ENABLED=0 x509: certificate signed by unknown authorityNeedsInvestigationOS-DarwinWaitingForInfo

#38365 opened 9 months ago by kotyara85

can set pathlen in certificate when not CANeedsFix

#38216 opened 9 months ago by m-j-jam

Mac without CGO is very slow, times out with large numbers of certsOS-Darwin

#38215 opened 9 months ago by deitch

unable to parse PKCS1 RSA private key from Microsoft Terminal Services Signing Key

#38181 opened 10 months ago by bamiaux

RSA-PSS signatures on certificates should be encoded without optional NULLsNeedsFix

#38014 opened 10 months ago by DemiMarie-parity

documentation about SSL_CERT_FILE and SSL_CERT_DIR is incorrectDocumentationNeedsInvestigation

#37907 opened 10 months ago by elagergren-spideroak

Certificate parsing/verification supports non-compliant dNSName constraintsNeedsInvestigation

#37535 opened 11 months ago by rolandshoemaker

parse additional fields in CertificateRequestNeedsFixProposal-AcceptedProposal-Crypto

#37172 opened 11 months ago by chauncyc

MarshalPKCS8PrivateKey doc says RSA private key while it supports more than that [1.14 backport]CherryPickApproved

#37068 opened 11 months ago by gopherbot

MarshalPKCS8PrivateKey doc says RSA private key while it supports more than that [1.13 backport]CherryPickApproved

#37067 opened 11 months ago by gopherbot

certificate signed by unknown authority, macOS

#37017 opened 11 months ago by fcjr

panic in certificate parsing [Go1.12]CherryPickApprovedSecurity

#36839 opened 1 year ago by katiehockman

panic in certificate parsing [Go1.13]CherryPickApprovedSecurity

#36838 opened 1 year ago by katiehockman

panic in certificate parsingSecurity

#36837 opened 1 year ago by katiehockman

certificate validation bypass on Windows 10 [Go1.12]CherryPickApprovedSecurity

#36836 opened 1 year ago by katiehockman

certificate validation bypass on Windows 10 [Go1.13]CherryPickApprovedSecurity

#36835 opened 1 year ago by katiehockman

certificate validation bypass on Windows 10Security

#36834 opened 1 year ago by katiehockman

incorrect mention of "EC Public Key" for ParseECPrivateKey docs, should be "EC Private Key"DocumentationNeedsInvestigation

#36788 opened 1 year ago by matthew119427

MarshalPKCS8PrivateKey doc says RSA private key while it supports more than thatDocumentationNeedsFix

#36735 opened 1 year ago by bigmikes

ParseCertificate error: PrintableString contains invalid characterFrozenDueToAgeNeedsInvestigation

#36044 opened 1 year ago by jajohnsonpro

certificate verification does not correctly compare subject and issuer names for equalityFrozenDueToAge

#36027 opened 1 year ago by paulgriffiths

error for "trailing data after X.509 subject" should say "issuer" insteadNeedsFix

#35841 opened 1 year ago by egonk

Other Names in x509 Certificate SAN causing certificate verification failureFrozenDueToAgeNeedsInvestigation

#35467 opened 1 year ago by chrisbrowning

add API to create RFC-compliant CRLsNeedsFixProposal-AcceptedProposal-Crypto

#35428 opened 1 year ago by jefferai

SSL_CERT_DIR should support multiple directories separated by a colon like OpenSSL and BoringSSL doNeedsFix

#35325 opened 1 year ago by freedge

Reference SubjectPublicKeyInfo in MarshalPKIXPublicKeyDocumentationNeedsFixhelp wanted

#35313 opened 1 year ago by jsha

apply gofmt to verify.goFrozenDueToAgeNeedsFixhelp wanted

#35052 opened 1 year ago by graywolf

support extending list of algorithmsFrozenDueToAgeProposalProposal-Crypto

#34844 opened 1 year ago by denisvolin

x509ignoreCN=1 breaks TestCertificateParseNeedsFixTesting

#34252 opened 1 year ago by tmthrgd

implement TextMarshaler for *CertificateFeatureRequestProposalProposal-Crypto

#33888 opened 1 year ago by kevinburkemeter

failed to parse ECDSA256 PEM generated by Apple Developer WebsiteFrozenDueToAgeNeedsInvestigation

#33560 opened 1 year ago by Frozen-Tofu

any plans to implement RID and dirName SANs?FrozenDueToAge

#33504 opened 1 year ago by pedromreis

CreateCertificate creates invalid serial number fieldFrozenDueToAgeNeedsInvestigation

#33310 opened 2 years ago by zelbrium

trust setting not inherited on DarwinNeedsInvestigationOS-Darwin

#32891 opened 2 years ago by tommyknows

'certificate signed by unknown authority' on mipsleFrozenDueToAgeNeedsInvestigationWaitingForInfo

#32878 opened 2 years ago by vitaliy-kuzmich

replace MD5 in PEM encryption?NeedsInvestigation

#32777 opened 2 years ago by micahhyman1

return informative error if wrong type passed to MarshalPKIXPublicKeyFrozenDueToAgeNeedsFixhelp wanted

#32640 opened 2 years ago by mathieudevos

link Security.framework symbols without cgoNeedsFixOS-Darwin

#32604 opened 2 years ago by FiloSottile

macos 10.14 SIGSEGV in crypto/x509._Cfunc_FetchPEMRoots [1.12 backport]CherryPickApprovedFrozenDueToAge

#32282 opened 2 years ago by gopherbot

macos 10.14 SIGSEGV in crypto/x509._Cfunc_FetchPEMRoots [1.11 backport]CherryPickApprovedFrozenDueToAge

#32281 opened 2 years ago by gopherbot

Go opens many more CA cert files than PythonFrozenDueToAgeNeedsInvestigationPerformance

#32172 opened 2 years ago by yyq2013

recently updated Xcode command line tools results in errorFrozenDueToAgeNeedsInvestigationWaitingForInfo

#31250 opened 2 years ago by gilgameshskytrooper

FetchPEMRoots in CGO crashed with signal SIGSEGV when using http.Client.Do() on https URLFrozenDueToAgeOS-Darwin

#30889 opened 2 years ago by marques-work

frequent panics when doing HTTPS requests on DarwinNeedsInvestigationOS-Darwinrelease-blocker

#30763 opened 2 years ago by leonklingele

root_cgo_darwin omits intermediate CAs with an empty policy settings or an unspecified trust type settingNeedsFixOS-Darwin

#30672 opened 2 years ago by penglei

Trust setting not inherited on darwinNeedsInvestigationOS-Darwin

#30471 opened 2 years ago by vdobler

darwin-386 build is brokenFrozenDueToAgeNeedsFixOS-DarwinSoon

#30444 opened 2 years ago by bradfitz

offer a useful error when ParsePKCS8PrivateKey/ParseECPrivateKey/ParsePKCS1PrivateKey or ParsePKIXPublicKey/ParsePKCS1PrivateKey are mixed upFrozenDueToAgeNeedsFixhelp wanted

#30094 opened 2 years ago by FiloSottile

certificates with AKID don't chain to parents without SKID [1.11 backport]CherryPickApprovedFrozenDueToAge

#30081 opened 2 years ago by gopherbot

certificates with AKID don't chain to parents without SKID [1.10 backport]CherryPickApprovedFrozenDueToAgeNeedsFix

#30080 opened 2 years ago by gopherbot

certificates with AKID don't chain to parents without SKIDNeedsFix

#30079 opened 2 years ago by FiloSottile

TestSystemRoots failing when keychain contains expired or untrusted certificatesFrozenDueToAgeNeedsFixOS-Darwin

#29497 opened 2 years ago by akamensky

CPU denial of service [Go 1.10]CherryPickApprovedFrozenDueToAgeSecurity

#29238 opened 2 years ago by FiloSottile

CPU denial of service [Go 1.11]CherryPickApprovedFrozenDueToAgeSecurity

#29237 opened 2 years ago by FiloSottile

CPU denial of service in chain validationFrozenDueToAgeSecurity

#29233 opened 2 years ago by dmitshur

ParsePKCS1PublicKey expects invalid key formatFrozenDueToAgeNeedsInvestigationWaitingForInfo

#29141 opened 2 years ago by ThreeFx

(*Certificate).Equals panics for nil valuesFrozenDueToAgeNeedsDecision

#28743 opened 2 years ago by empijei

"certificate signed by unknown authority" with seemingly valid certificate chainFrozenDueToAge

#28276 opened 2 years ago by imirkin

add /usr/local/etc/ssl/certs for CA certificates on LinuxFrozenDueToAgeNeedsInvestigation

#28199 opened 2 years ago by afbjorklund

macos 10.14 SIGSEGV in crypto/x509._Cfunc_FetchPEMRootsNeedsFixOS-Darwin

#28092 opened 2 years ago by akamensky

Go does not load root CA from System keychain on macOSFrozenDueToAgeNeedsInvestigationOS-DarwinSecurity

#28025 opened 2 years ago by adamrothman

MaxConstraintComparisions typo: "Comparisions" should be "Comparisons"FrozenDueToAgeNeedsDecision

#27969 opened 2 years ago by alexkohler

if system keychain has a cert with an empty but valid trust settings array, cert should be trusted but Go does not trust itFrozenDueToAgeNeedsInvestigationOS-DarwinSecurity

#27958 opened 2 years ago by jhump

DecryptPEMBlock sometimes passes when the password is wrongFrozenDueToAgeNeedsInvestigation

#27880 opened 2 years ago by azr

Partial wildcards are not supportedFrozenDueToAge

#27629 opened 2 years ago by agunnerson-ibm

Insufficient verification of ServerName when certificate is wildcardNeedsFix

#27591 opened 2 years ago by int-tt

SystemCertPool documentation is not clear that modifications to the cert pool supplied are isolated from other pools returned by the functionDocumentationFrozenDueToAgeNeedsFix

#27385 opened 2 years ago by leighmcculloch

certificate signed by unknown authority again FrozenDueToAgeNeedsInvestigationWaitingForInfo

#27175 opened 2 years ago by brunetto

parse trust settings in root_nocgo_darwinNeedsFixOS-Darwin

#26830 opened 2 years ago by FiloSottile

add SubjectKeyId automatically when IsCA is trueNeedsFix

#26676 opened 2 years ago by FiloSottile

allow certificates to be exported from CertPoolProposalProposal-Crypto

#26614 opened 2 years ago by btoews

create typed versions of ParsePKCS8PrivateKeyFrozenDueToAgeNeedsInvestigationProposalProposal-Crypto

#26485 opened 2 years ago by HaraldNordgren

reject UTF-8 namesNeedsFix

#26362 opened 2 years ago by FiloSottile

unable to parse CertificateRequest SAN otherName fieldFrozenDueToAgeNeedsInvestigation

#26093 opened 2 years ago by medzin

macOS -framework Security produces link warningNeedsInvestigationOS-Darwinrelease-blocker

#26073 opened 2 years ago by rsc

root_cgo_darwin and root_nocgo_darwin omit some system certs [1.9 backport]CherryPickCandidateFrozenDueToAge

#26040 opened 2 years ago by gopherbot

root_cgo_darwin and root_nocgo_darwin omit some system certs [1.11 backport]CherryPickApprovedFrozenDueToAge

#26039 opened 2 years ago by gopherbot

Certificate Subject UID not being parsedFeatureRequestFrozenDueToAgeNeedsInvestigation

#25667 opened 2 years ago by Trane9991

root_cgo_darwin omits certs with number of trust settings 0 erroneously when CGO_ENABLED=1FrozenDueToAgeNeedsInvestigationOS-Darwin

#25649 opened 2 years ago by dlamotte

EdDSA certificates supportFrozenDueToAgeProposalProposal-AcceptedProposal-Crypto

#25355 opened 2 years ago by FiloSottile

CANotAuthorizedForExtKeyUsage is a bogus error [1.10 backport]CherryPickApprovedFrozenDueToAge

#25258 opened 2 years ago by gopherbot

NameConstraintsWithoutSANs when checking signing certificate [1.10 backport]FrozenDueToAge

#25016 opened 2 years ago by gopherbot

partial wildcards not supportedFrozenDueToAge

#24888 opened 2 years ago by kmala

root_cgo_darwin and root_nocgo_darwin omit some system certsNeedsFixOS-DarwinSecurity

#24652 opened 2 years ago by jdhenke

CANotAuthorizedForExtKeyUsage is prematureFrozenDueToAgeNeedsFix

#24590 opened 2 years ago by robstradling

SystemCertPool return nil, nil on NaClFrozenDueToAgeNeedsFix

#24561 opened 2 years ago by FiloSottile

enable deep copy of x509.CertPoolFrozenDueToAgeNeedsDecision

#24540 opened 2 years ago by frankgreco

cgo errors when compiling with gcc on DarwinFrozenDueToAgeNeedsInvestigationOS-Darwin

#24437 opened 2 years ago by avinashrd

cgo errors on for loop initial declarations with gcc pre-C99FrozenDueToAgeNeedsFixOS-Darwin

#24425 opened 2 years ago by avinashrd

Verify failed on some valid certificates with SubjectAlternateNamesFrozenDueToAge

#24293 opened 2 years ago by gibma

multi-value RDN sequence is not properly DER-orderedNeedsFixearly-in-cyclerelease-blocker

#24254 opened 2 years ago by mrogers950

FetchPEMRoots in CGO crashed with signal SIGSEGV on go get gopkg.in/sourcemap.v1 on macOS Sierra (10.12.6)FrozenDueToAgeNeedsInvestigationOS-Darwin

#24190 opened 2 years ago by ericreis

VerifyOptions.KeyUsages went from any required to all required in 1.10CherryPickApprovedFrozenDueToAge

#24162 opened 2 years ago by grittygrease

parse macOS keychain policies instead of using verify-certFrozenDueToAgeNeedsFixOS-Darwin

#24084 opened 2 years ago by adamdecaf

Fails to parse certificates with fully qualified domain names FrozenDueToAgeNeedsInvestigation

#24070 opened 2 years ago by hanikesn

verification fails with "cannot parse dnsName" in intermediateCherryPickApprovedFrozenDueToAge

#23995 opened 2 years ago by freman

unable to find SignatureAlgorithm of certificate with PSS signatureFrozenDueToAge

#23847 opened 2 years ago by conradoplg

AppendCertsFromPEM fails on go1.10rc1FrozenDueToAgeNeedsDecision

#23711 opened 3 years ago by magiconair

Go should be lenient in parsing CRL Distribution Points that do not conform to RFC 5280 4.2.1.13FrozenDueToAgeNeedsDecision

#23403 opened 3 years ago by christopher-henderson

add support to get SSL context from certificate store on windowsOS-WindowsProposalProposal-Crypto

#23282 opened 3 years ago by tsaridas

add /usr/local/share/ca-certificates to certificate directoriesFrozenDueToAgeWaitingForInfo

#23217 opened 3 years ago by mmiranda96

ParsePKIXPublicKey can not parse 1024bit RSAFrozenDueToAgeNeedsInvestigation

#23032 opened 3 years ago by parazyd

Trailing data in the IssuerAlternativeName extension value does not return an error when parsing certificate.FrozenDueToAgeNeedsInvestigation

#23016 opened 3 years ago by szank

VerifyHostname validating wrong SANFrozenDueToAgeWaitingForInfo

#22922 opened 3 years ago by rikatz

buildExtensions issues certificates rejected by Mozilla NSSFrozenDueToAgeNeedsFix

#22616 opened 3 years ago by pcarrier

intermediates with unknown critical extensions not rejected [Go1.8]CherryPickApprovedFrozenDueToAge

#22261 opened 3 years ago by rsc

intermediates with unknown critical extensions not rejectedCherryPickApprovedFrozenDueToAgerelease-blocker

#22260 opened 3 years ago by rsc

disable TestSystemRoots on non-cgo darwinCherryPickApprovedFrozenDueToAgeOS-Darwinrelease-blocker

#22256 opened 3 years ago by rsc

CreateCertificate should mark SubjectAltName as critical iff Subject is emptyFrozenDueToAge

#22249 opened 3 years ago by optnfast

Apple edited HT204132, breaking iOS CA roots updaterFrozenDueToAgeNeedsFixOS-Darwin

#22181 opened 3 years ago by acohn

Truncate DSA signed data's hash before verificationFrozenDueToAgeNeedsFixhelp wanted

#22017 opened 3 years ago by Tasssadar

add Public Key Algorithms from RFC 4491FrozenDueToAgeProposal

#21858 opened 3 years ago by realmfoo

cannot generate version 1 or 2 certificatesFrozenDueToAge

#21593 opened 3 years ago by 0x783czar

ParseCertificate fails for ECDSA certificate, gives asn1 unmarshal errorFrozenDueToAge

#21502 opened 3 years ago by vickiniu

Entrust broken cert link no longer valid, please consider removing the workaroundFrozenDueToAgerelease-blocker

#21488 opened 3 years ago by mrmagooey

TestSystemRoots failureFrozenDueToAgeNeedsInvestigationOS-DarwinTestingrelease-blocker

#21416 opened 3 years ago by martisch

SystemCertPool() can return nil,nilFrozenDueToAgeNeedsFix

#21405 opened 3 years ago by champtar

CreateCertificate docs incompletely list template fields usedDocumentationFrozenDueToAgeNeedsFix

#21363 opened 3 years ago by cryslith

ParseCertificate error: PrintableString contains invalid characterFrozenDueToAgeWaitingForInfo

#21339 opened 3 years ago by tonyjt

missing MarshalPKCS1PublicKey and ParsePKCS1PublicKeyFrozenDueToAge

#21029 opened 3 years ago by tmc

root_darwin.go does not include trusted root certificates from System/Login keychainsFrozenDueToAgeOS-Darwin

#20990 opened 3 years ago by raszi

when TestEnvVars fails, it "index out of range" panics due to off-by-one bugFrozenDueToAge

#20801 opened 3 years ago by dmitshur

Missing MarshalPKCS8PrivateKeyFrozenDueToAgeNeedsFix

#19972 opened 3 years ago by jameshartig

export CertPool’s certificatesFrozenDueToAge

#19606 opened 3 years ago by stapelberg

honor OS X certificate trust settings possible regressionFrozenDueToAgeNeedsInvestigationOS-DarwinWaitingForInfohelp wanted

#19436 opened 3 years ago by dharmapunk82

ParseCertificate returns a certificate with MaxPathLen of -1 if pathLenConstraint is not setDocumentationFrozenDueToAgeNeedsDecision

#19285 opened 3 years ago by cyli

docs for CreateCertificate omit template.AuthorityKeyId yet it is used in codeDocumentationFrozenDueToAge

#18962 opened 4 years ago by tylrtrmbl

documentation for CreateCertificateRequest extensions unclearDocumentationFrozenDueToAge

#18899 opened 4 years ago by lwithers

path lookup order change affects CentOS from Go 1.7->8FrozenDueToAgeNeedsDecision

#18813 opened 4 years ago by joegrasse

certificate validation errors with go1.7.4 binaries + macOS SierraFrozenDueToAgeOS-Darwin

#18688 opened 4 years ago by cblecker

ParseCertificate ignores all but first value from Subject's []string{} fieldsFrozenDueToAgeNeedsInvestigation

#18654 opened 4 years ago by joemiller

Go 1.8's SystemCertPool() on Windows does not return all Windows root CAsFrozenDueToAgeNeedsFixhelp wanted

#18609 opened 4 years ago by mkrautz

root_darwin_test.go failsFrozenDueToAgeOS-Darwin

#18224 opened 4 years ago by YoshikiShibata

TestSystemRoots flaky & slow in non-cgo caseFrozenDueToAgeNeedsFixOS-Darwin

#18203 opened 4 years ago by phacker

honor OS X certificate trust settingsFrozenDueToAgeSecurity

#18141 opened 4 years ago by quentinmit

loadSystemRoots segfault when running under launchdFrozenDueToAgeNeedsInvestigationWaitingForInfo

#17972 opened 4 years ago by nhooyr

contradictory Mac OS X version requirementsFrozenDueToAgeOS-DarwinWaitingForInfo

#17732 opened 4 years ago by AxbB36

certificates at /etc/ssl/certs/ ignored on FreeBSD, etcFrozenDueToAgeNeedsInvestigationOS-FreeBSDhelp wanted

#16920 opened 4 years ago by buro1983

distributionPointName not compliant with RFC 5280FrozenDueToAge

#16858 opened 4 years ago by zhengping12

Certs with odd RDN layouts not handled, cause confusing errorsFrozenDueToAgeNeedsInvestigation

#16836 opened 4 years ago by tv42

bad error messageFrozenDueToAge

#16834 opened 4 years ago by joneskoo

Verify returns incorrect chains for some situationsFrozenDueToAgeNeedsFix

#16800 opened 4 years ago by ramoas

a server with a self-signed certificate doesn't validate if that cert is in RootsFrozenDueToAge

#16763 opened 4 years ago by agl

CreateCRL allows non-UTC times in revokedCerts listFrozenDueToAgeNeedsDecision

#16686 opened 4 years ago by jefferai

missing support for EC parameter encodingFrozenDueToAgeNeedsDecision

#16660 opened 4 years ago by ghost

CreateCertificate can panic in asn1 codeFrozenDueToAgehelp wanted

#16603 opened 4 years ago by jefferai

error "x509: certificate signed by unknown authority" on valid SSL chainFrozenDueToAgeNeedsInvestigation

#16589 opened 4 years ago by rasky

darwin only loads system.root keychain should also load system keychainFrozenDueToAgeNeedsFixOS-Darwinhelp wantedrelease-blocker

#16532 opened 4 years ago by jostockley

re-unify the OS X code paths for loading rootsFrozenDueToAgeNeedsFixOS-Darwin

#16508 opened 4 years ago by bradfitz

0xb01dfacedebac1e crash on Mac OS X 10.8FrozenDueToAge

#16473 opened 4 years ago by bradfitz

Certificate Name Constraints starting with "." not validated properlyFrozenDueToAge

#16347 opened 4 years ago by floridoo

ParsePKIXPublicKey parses invalid RSA public keys without errorsFrozenDueToAge

#16166 opened 4 years ago by szank

RSA certs with PSS signatures cannot be verifiedFrozenDueToAgeNeedsInvestigation

#15958 opened 4 years ago by lwithers

CentOS 7 "x509: failed to load system roots and no roots provided" issues.FrozenDueToAgeNeedsFix

#15749 opened 4 years ago by mckn

VerifyHostname should ignore port if not present in patternFrozenDueToAge

#15452 opened 4 years ago by runeaune

Wrong error text when failing to unmarshal key-idFrozenDueToAge

#15371 opened 4 years ago by phayes

CommonName truncated at slashFrozenDueToAgeWaitingForInfo

#15256 opened 4 years ago by huang195

AuthorityKeyId on self-signed certificatesFrozenDueToAge

#15194 opened 4 years ago by vanbroup

CheckSignatureFrom does not verify Issuer matches parent's SubjectFrozenDueToAgeNeedsInvestigation

#14955 opened 4 years ago by jsha

invalid implementation of Permitted DNS NamesFrozenDueToAge

#14833 opened 4 years ago by ayufan

broken linkDocumentationFrozenDueToAge

#14776 opened 4 years ago by perillo

occasional failure on FreeBSD buildersFrozenDueToAgeOS-FreeBSD

#14688 opened 4 years ago by ianlancetaylor

oidSignatureDSAWithSHA256 has incorrect valueFrozenDueToAge

#14663 opened 4 years ago by AGWA

typo in docs for x509.CreateCertificateRequestDocumentationFrozenDueToAge

#14649 opened 4 years ago by voutasaurus

root_darwin.go does not include trusted root certificates from System/Login keychainsOS-Darwin

#14514 opened 4 years ago by mwielgoszewski

ParsePKCS1PrivateKey is not complaint with PKCS#1 standardFrozenDueToAge

#14512 opened 4 years ago by wpc

better documentation for ParsePKIXPublicKeyFrozenDueToAge

#14355 opened 5 years ago by dndx

add standard SSL_CERT_DIR locationsFrozenDueToAgeNeedsFix

#14311 opened 5 years ago by raspy

parsing of certificates with exponent length > 32bit fails on GOARCH=386FrozenDueToAgeGo2

#14129 opened 5 years ago by nurio

writing certificates in PKCS12 formatFrozenDueToAgeProposalProposal-Declined

#14125 opened 5 years ago by boumenot

FreeBSD CA roots order fixFrozenDueToAgeNeedsFixOS-FreeBSD

#14022 opened 5 years ago by lifeforms

CRL generated by Certificate.CreateCRL is still version 1FrozenDueToAge

#13931 opened 5 years ago by hujun-open

CreateCertificateRequest cannot write extensions with criticalFrozenDueToAge

#13739 opened 5 years ago by nejisama

Panics on some ECDSA keysFrozenDueToAge

#13699 opened 5 years ago by hlandau

UnknownAuthorityError should expose private CertificateFrozenDueToAgeNeedsFix

#13519 opened 5 years ago by rolandshoemaker

add support for marshalling PKCS#8 private keysFrozenDueToAge

#13487 opened 5 years ago by AGWA

export systemRootsPool or equivilantFrozenDueToAge

#13335 opened 5 years ago by phemmer

panic verifying certificate on windowsFrozenDueToAgeOS-Windows

#12184 opened 5 years ago by deafgoat

add /etc/ssl/certs to certificate directoriesFrozenDueToAge

#12139 opened 5 years ago by deafgoat

x509 DN orderingFrozenDueToAge

#11966 opened 5 years ago by szechyjs

Go uses the wrong type for parsing CSR attributesFrozenDueToAge

#11897 opened 5 years ago by agl

cannot build for iOS simulatorFrozenDueToAge

#11736 opened 5 years ago by crawshaw

TestSystemVerify failed on windowsFrozenDueToAgeOS-Windows

#11730 opened 5 years ago by chai2010

division by zeroFrozenDueToAge

#11233 opened 5 years ago by dvyukov

input not full blocksFrozenDueToAge

#11215 opened 5 years ago by dvyukov

test is sometimes very slowFrozenDueToAge

#10692 opened 5 years ago by rsc

reading certificates from PKCS12 files FrozenDueToAge

#10621 opened 5 years ago by paulmey

ParsePKIXPublicKey ignores tail of ASN.1 encodingFrozenDueToAge

#10583 opened 5 years ago by rsc

Support critical Apple extension for Development and Submission signingFrozenDueToAge

#10459 opened 5 years ago by nathany

Support MD5 signatures for certificatesFrozenDueToAge

#10436 opened 5 years ago by gonzojive

more descriptive error message for unsupported algorithms such as MD5 with RSAFrozenDueToAge

#10431 opened 5 years ago by mvanotti

COMODO certifification got x509: certificate signed by unknown authorityFrozenDueToAge

#10421 opened 5 years ago by SunRunAway

insufficient validation in x509.DecryptPEMBlock leads to decryption false positivesFrozenDueToAge

#10171 opened 5 years ago by diogomonica

parseCertificate fails if Cert Policy extension is criticalFrozenDueToAge

#9964 opened 6 years ago by mvanotti

Need to update certificate name matching to only accept wildcards in the first label.FrozenDueToAge

#9834 opened 6 years ago by agl

matchHostnames doesn't work with absolute domain namesFrozenDueToAge

#9828 opened 6 years ago by rubyist

missing certificate location on netbsdFrozenDueToAge

#9285 opened 6 years ago by 0-wiz-0

root_unix.go: crypto/x509: failed to load system roots and no roots provided.FrozenDueToAge

#9146 opened 6 years ago by gopherbot

certFiles needs updating for Solaris 11.2+FrozenDueToAge

#9078 opened 6 years ago by gopherbot

typo in CreateCertificateRequest docsFrozenDueToAge

#8936 opened 6 years ago by gopherbot

ParsePKCS8PrivateKey does not support loading DSA keysFrozenDueToAge

#8919 opened 6 years ago by gopherbot

cert from google fails to parseFrozenDueToAge

#8387 opened 6 years ago by gopherbot

failed to load system roots and no roots provided.FrozenDueToAge

#8349 opened 6 years ago by gopherbot

unable to parse certificate with a negative serial numberFrozenDueToAge

#8265 opened 6 years ago by gopherbot

An invalid certificate chain may be returned by "Certificate.Verify(opts VerifyOptions)"FrozenDueToAge

#8029 opened 6 years ago by gopherbot

No expected chain matchedFrozenDueToAge

#7824 opened 6 years ago by peterGo

certs fail on current Windows due to 3/11/2014 root updateFrozenDueToAge

#7523 opened 6 years ago by rsc

Extended Key Usage on X509 certificates yields unexpected flagsFrozenDueToAge

#7516 opened 6 years ago by gopherbot

support DSA keys.FrozenDueToAge

#6868 opened 7 years ago by hanwen

ExtKeyUsageAny doesn't work when tls server CheckSignatureFrom client's certificate FrozenDueToAge

#6831 opened 7 years ago by gopherbot

error in documentation for CreateCertificateFrozenDueToAge

#6633 opened 7 years ago by jstemmer

failed to load system roots when there are no system rootsFrozenDueToAge

#6391 opened 7 years ago by gopherbot

Document how to make custom cert root listDocumentationFrozenDueToAge

#6267 opened 7 years ago by dsymonds

does not expose URIs in SubjectAltName extensionFrozenDueToAge

#5752 opened 7 years ago by gopherbot

support CSRsFrozenDueToAge

#5303 opened 7 years ago by gopherbot

respect SignatureAlgorithm in CreateCertificateFrozenDueToAge

#5302 opened 7 years ago by gopherbot

certificate with signature RMD160 shows wrong error messageFrozenDueToAgeNeedsInvestigationhelp wanted

#5301 opened 7 years ago by gopherbot

confusing error for missing hash functionFrozenDueToAge

#5058 opened 7 years ago by rsc

Wildcard Cerficate Validation WeaknessFrozenDueToAge

#4658 opened 8 years ago by gopherbot

windows test exe crashes while calling syscall.CertGetCertificateChain during TestSystemVerifyFrozenDueToAgeUnfortunate

#4165 opened 8 years ago by gopherbot

allow cert bundle path to be set by environment variableFrozenDueToAge

#3905 opened 8 years ago by gopherbot

cannot parse Facebook certFrozenDueToAge

#3731 opened 8 years ago by gopherbot

TLS connection problems due to cert verification failureFrozenDueToAge

#993 opened 10 years ago by gopherbot

does not implement other hash algorithms then SHA1WithRSAFrozenDueToAge

#988 opened 10 years ago by gopherbot