crypto/x509

New Issue

add VerifyOptions.UnknownAlgorithmVerifierLibraryProposalProposalProposal-Crypto

#74024 opened 1 month ago by bwesterb

incompatible behavior of SSL_CERT_DIR with OpenSSLNeedsInvestigation

#73961 opened 1 month ago by DanielShaulov

ExtKeyUsageAny bypasses policy validation [1.24 backport]CherryPickApprovedSecurity

#73700 opened 1 month ago by gopherbot

ExtKeyUsageAny bypasses policy validationBugReportSecurity

#73612 opened 2 months ago by rolandshoemaker

redundant UnknownExtKeyUsage check in verify.goNeedsInvestigation

#73289 opened 3 months ago by MikhailLipanin

unexpected handling of escape charactersBugReportNeedsInvestigation

#73028 opened 3 months ago by onepeople158

Verify allows serialNumber larger than 20 octetsBugReportNeedsInvestigationUnfortunate

#72076 opened 4 months ago by dulanshuangqiao

reject BMPStrings that use invalid charactersBugReportNeedsFix

#71862 opened 4 months ago by rolandshoemaker

use truncated SHA-256 for SubjectKeyIdNeedsFix

#71746 opened 4 months ago by FiloSottile

negative serial number disallowed by defaultLibraryProposal

#71606 opened 5 months ago by DStrand1

Parser support for extensionsLibraryProposal

#71499 opened 5 months ago by dulanshuangqiao

ParsePKCS1PrivateKey panic with partial keys [CVE-2025-22865]NeedsFixSecurity

#71216 opened 6 months ago by rolandshoemaker

usage of IPv6 zone IDs can bypass URI name constraints [CVE-2024-45341] [1.24 backport]CherryPickCandidateSecurity

#71209 opened 6 months ago by gopherbot

usage of IPv6 zone IDs can bypass URI name constraints [CVE-2024-45341] [1.23 backport]CherryPickApprovedSecurity

#71208 opened 6 months ago by gopherbot

usage of IPv6 zone IDs can bypass URI name constraints [CVE-2024-45341] [1.22 backport]CherryPickApprovedSecurity

#71207 opened 6 months ago by gopherbot

usage of IPv6 zone IDs can bypass URI name constraints [CVE-2024-45341]NeedsFixSecurity

#71156 opened 6 months ago by rolandshoemaker

Export CertPool LengthProposal

#70819 opened 7 months ago by zapisanchez

many crypto tests are failing on s390xNeedsFixarch-s390x

#70771 opened 7 months ago by srinivas-pokala

Make 'CertPool.contains()' publicProposal

#70477 opened 7 months ago by rossigee

panic during tls handshake from http clientWaitingForInfo

#70374 opened 7 months ago by fishy

flag for more lax certificate parsingProposalProposal-Crypto

#70324 opened 8 months ago by chris-jansson

ParseCertificate should error on invalid tag for PolicyMappingsWaitingForInfo

#70074 opened 8 months ago by dulanshuangqiao

ParseCertificate fails with "net/url: invalid userinfo"NeedsInvestigation

#69930 opened 8 months ago by dulanshuangqiao

Add support for OtherName SANProposalProposal-Crypto

#69023 opened 10 months ago by kindermoumoute

func (*Certificate) CheckSignatureFromWaitingForInfo

#68626 opened 11 months ago by yan-di

support Inhibit Any-policy and Policy ConstraintsProposalProposal-Accepted

#68484 opened 1 year ago by satsrini

generate serial number for nil template SerialNumberProposalProposal-AcceptedProposal-Cryptorelease-blocker

#67675 opened 1 year ago by rolandshoemaker

decide about marshalling of Policies/PolicyIdentifiersNeedsFix

#67620 opened 1 year ago by mateusz834

wrong value of RevocationList.AuthorityKeyIdFrozenDueToAgeNeedsInvestigation

#67571 opened 1 year ago by andrewkostevich

TestPlatformVerifier failures on Windows due to broken connections [1.22 backport]CherryPickApprovedFrozenDueToAgeSecurityTesting

#67352 opened 1 year ago by gopherbot

TestPlatformVerifier failures on Windows due to broken connections [1.21 backport]CherryPickApprovedFrozenDueToAgeSecurityTesting

#67351 opened 1 year ago by gopherbot

certificate validation issuesFrozenDueToAgeWaitingForInfo

#67024 opened 1 year ago by joyantaDebnath

ParseCertificate duplicate extensions errors should include OID of the affected extensionFrozenDueToAgeNeedsInvestigation

#66880 opened 1 year ago by Techassi

Certificate no longer encodable using encoding/gob in Go1.22 [1.22 backport]CherryPickApprovedFrozenDueToAge

#66273 opened 1 year ago by gopherbot

make OID have text, binary marshal methodsFrozenDueToAgeProposalProposal-Acceptedrelease-blocker

#66249 opened 1 year ago by rsc

invalid certificate policiesFrozenDueToAge

#65990 opened 1 year ago by fancycode

cannot parse certificate IP & net/http cannot ignore this certificate errorFrozenDueToAge

#65829 opened 1 year ago by staverne

Certificate no longer encodable using encoding/gob in Go1.22FrozenDueToAgeNeedsFix

#65633 opened 1 year ago by VictorLowther

TestPlatformVerifier failures on macOS due to mismatched error textFrozenDueToAgeNeedsInvestigationOS-DarwinSecurity

#65461 opened 1 year ago by gopherbot

Verify panics on certificates with an unknown public key algorithm [CVE-2024-24783]FrozenDueToAgeNeedsFixSecurityrelease-blocker

#65390 opened 1 year ago by neild

TestIssue51759 consistently failing on `gotip-darwin-amd64_10.15` LUCI builder [1.21 backport]CherryPickApprovedFrozenDueToAgeTesting

#65380 opened 1 year ago by gopherbot

TestIssue51759 consistently failing on `gotip-darwin-amd64_10.15` LUCI builder [1.20 backport]CherryPickApprovedFrozenDueToAgeTesting

#65379 opened 1 year ago by gopherbot

wrong crypto.SignerOpts provided to Sign() in case of PSS signatureFrozenDueToAgeNeedsFix

#65074 opened 2 years ago by phlipse

TestIssue51759 consistently failing on `gotip-darwin-amd64_10.15` LUCI builderFrozenDueToAgeNeedsFixOS-DarwinSecurityTesting

#64677 opened 2 years ago by bcmills

gate marshaling of Policies on a GODEBUG [freeze exception]FrozenDueToAgeNeedsFixProposalProposal-Acceptedrelease-blocker

#64248 opened 2 years ago by mateusz834

rename OIDFromInts to NewOIDFromIntsFrozenDueToAgeProposalrelease-blocker

#64012 opened 2 years ago by mateusz834

code signing certificates fail to verify in macOS Ventura and later FrozenDueToAgeNeedsInvestigationOS-DarwinWaitingForInfo

#63995 opened 2 years ago by sinukus

CreateCertificate will generate duplicate certificate policies if PolicyIdentifiers and Policies and populatedNeedsFixrelease-blocker

#63909 opened 2 years ago by rolandshoemaker

crash and spurious errors in `(*Certificate).Verify` on macOS when argv[0] contains `//../`FrozenDueToAgeNeedsInvestigationOS-DarwinSecurity

#61000 opened 2 years ago by knz

TestSystemVerify/EKULeafValid fails on LUCI [1.20 backport]CherryPickApprovedFrozenDueToAgeTesting

#60947 opened 2 years ago by gopherbot

TestSystemVerify/EKULeafValid fails on LUCIFrozenDueToAgeNeedsFixTesting

#60925 opened 2 years ago by heschi

introduce new robust OID type & use it for certificate policiesFrozenDueToAgeProposalProposal-AcceptedProposal-Crypto

#60665 opened 2 years ago by rolandshoemaker

go mod tidy reports certificate expired on a non-expired certificateNeedsInvestigation

#60653 opened 2 years ago by ysmilda

TestPlatformVerifier fails on windows-amd64-longtest-oldcc builder on 1.19 release branch FrozenDueToAgeNeedsFixSecurityTesting

#60118 opened 2 years ago by cherrymui

IsEncryptedPEMBlock, EncryptPEMBlock, and DecryptPEMBlock should not be deprecatedFrozenDueToAgeProposalProposal-Crypto

#59961 opened 2 years ago by bustedware

Certificate.Verify does not enforce name constraints correctlyFrozenDueToAgeNeedsFix

#59171 opened 2 years ago by rittneje

TestIssue51759 failuresFrozenDueToAgeNeedsInvestigationOS-Darwin

#58930 opened 2 years ago by gopherbot

add android user trusted CA folder as a possible source for certificate retrievalFrozenDueToAgeOS-AndroidProposalProposal-AcceptedProposal-Crypto

#58922 opened 2 years ago by odeke-em

TestIssue51759 has started to fail on darwin-amd64-10_15FrozenDueToAgeNeedsFixOS-DarwinTestingrelease-blocker

#58812 opened 2 years ago by dmitshur

TestSystemVerify consistently failing [1.20 backport]CherryPickApprovedFrozenDueToAgerelease-blocker

#58811 opened 2 years ago by gopherbot

TestSystemVerify consistently failing [1.19 backport]CherryPickApprovedFrozenDueToAgerelease-blocker

#58810 opened 2 years ago by gopherbot

TestSystemVerify failuresFrozenDueToAgeNeedsInvestigation

#58795 opened 2 years ago by gopherbot

Incorrect documentation for `ParsePKCS8PrivateKey` [1.20 backport]CherryPickApprovedDocumentationFrozenDueToAge

#58793 opened 2 years ago by gopherbot

TestSystemVerify consistently failingFrozenDueToAgeNeedsFixOS-WindowsTestingrelease-blocker

#58791 opened 2 years ago by bcmills

Incorrect documentation for `ParsePKCS8PrivateKey`DocumentationFrozenDueToAgeNeedsFix

#58789 opened 2 years ago by babolivier

TestBoringAllowCert failures [1.19 backport]CherryPickApprovedFrozenDueToAgeTesting

#57635 opened 2 years ago by gopherbot

re-allow duplicate attributes in CSRs [1.19 backport]CherryPickApprovedFrozenDueToAge

#57556 opened 2 years ago by FiloSottile

the ParseRevocationList() doesn't seem to populate the AuthorityKeyId correctlyFixPendingFrozenDueToAgeNeedsFix

#57461 opened 2 years ago by hujun-open

Verify on macOS does not return typed errors [1.19 backport]CherryPickApprovedFrozenDueToAge

#57427 opened 2 years ago by rolandshoemaker

Verify on macOS does not return typed errors [1.18 backport]CherryPickApprovedFrozenDueToAge

#57426 opened 2 years ago by gopherbot

support code-constrained rootsFrozenDueToAgeProposalProposal-AcceptedProposal-Crypto

#57178 opened 2 years ago by rolandshoemaker

parse CSR with elided AttributesFrozenDueToAgeNeedsInvestigation

#56901 opened 2 years ago by cipherboy

Verify on macOS does not return typed errorsFrozenDueToAgeNeedsFixOS-Darwin

#56891 opened 2 years ago by wneessen

TestBoringAllowCert failuresFrozenDueToAgeNeedsInvestigation

#56798 opened 2 years ago by gopherbot

TestPlatformVerifier failures on Windows due to broken connectionsFrozenDueToAgeNeedsInvestigationOS-WindowsSecurity

#56791 opened 2 years ago by gopherbot

respect GODEBUG changes during program lifetime [1.19 backport]CherryPickApprovedFrozenDueToAge

#56438 opened 2 years ago by gopherbot

respect GODEBUG changes during program lifetime [1.18 backport]CherryPickApprovedFrozenDueToAge

#56437 opened 2 years ago by gopherbot

respect GODEBUG changes during program lifetimeFrozenDueToAgeNeedsFix

#56436 opened 2 years ago by rsc

Parse CSR not containing Extensions Request Attribute FrozenDueToAgeNeedsInvestigation

#56140 opened 2 years ago by TheJimmyBlaze

Add support for OtherName SANFrozenDueToAgeProposalProposal-Crypto

#55897 opened 2 years ago by haydentherapper

Reallow duplicate attributes in CSRs.FrozenDueToAgeNeedsFix

#54936 opened 2 years ago by robstradling

SecPolicyCreateSSL returns null when binary is called with strange pathFrozenDueToAgeNeedsFix

#54590 opened 2 years ago by radhus

panics on invalid curve instead of returning error [1.19 backport]CherryPickApprovedFrozenDueToAge

#54295 opened 2 years ago by gopherbot

panics on invalid curve instead of returning errorFrozenDueToAgeNeedsFix

#54288 opened 2 years ago by FnuGk

Incorrect TBSCertificateList.Issuer field when using non-pkix.Name-encodable Issuer [1.19 backport]CherryPickCandidateFrozenDueToAge

#53944 opened 3 years ago by sgmiller

Incorrect TBSCertificateList.Issuer field when using non-pkix.Name-encodable Issuer [1.18 backport]CherryPickCandidateFrozenDueToAge

#53943 opened 3 years ago by sgmiller

Incorrect RSA key size limitations in BoringCrypto/FIPS 140-2 modeFrozenDueToAgeNeedsInvestigation

#53755 opened 3 years ago by cipherboy

Incorrect TBSCertificateList.Issuer field when using non-pkix.Name-encodable IssuerFrozenDueToAgeNeedsFix

#53754 opened 3 years ago by cipherboy

ParseRevocationList does not populate Number and AuthorityKeyId fieldsFrozenDueToAgeNeedsFixrelease-blocker

#53726 opened 3 years ago by aarongable

ParseRevocationList misses entry extensionsFrozenDueToAgeNeedsInvestigation

#53592 opened 3 years ago by aarongable

surface ReasonCode inside x509.RevocationList entriesFrozenDueToAgeProposalProposal-AcceptedProposal-CryptoProposal-FinalCommentPeriod

#53573 opened 3 years ago by aarongable

CreateRevocationList() does not enforce that the CRL Number is at most 20 octetsFrozenDueToAgeNeedsInvestigation

#53543 opened 3 years ago by aarongable

Certificate.Verify on darwin no longer returns UnknownAuthorityError when the system verifier is usedFrozenDueToAge

#53401 opened 3 years ago by dnephin

Certificates with an Email ... failed parsing cause of @ versus ASN1 + InsecureSkipVerify never checkFrozenDueToAgeNeedsInvestigation

#52964 opened 3 years ago by OlivierMary

checkSignature why the loop doesn't `break` after finding `algo`?FrozenDueToAgeNeedsFixPerformance

#52955 opened 3 years ago by dchaofei

macOS flakes due to "certificate is not standards compliant"BuildersFrozenDueToAgeNeedsInvestigationOS-Darwinrelease-blocker

#52854 opened 3 years ago by neild

failed to parse X509 certificateFrozenDueToAge

#52742 opened 3 years ago by alxchk

EKU nesting enforcement broken at tipFrozenDueToAgerelease-blocker

#52659 opened 3 years ago by rolandshoemaker

provide method for generating conformant serial numbersFrozenDueToAgeProposalProposal-AcceptedProposal-Crypto

#52444 opened 3 years ago by rolandshoemaker

verification with system and custom roots (backport to 1.17?)FrozenDueToAgeNeedsDecision

#52370 opened 3 years ago by dims

CreateCertificate should omit extensions if there aren't anyFrozenDueToAgeNeedsFix

#52319 opened 3 years ago by rolandshoemaker

possible crash on macOS 10.13 (in `SecTrustEvaluateWithError`)FrozenDueToAgeWaitingForInfo

#52112 opened 3 years ago by tmm1

TestPlatformVerifier is failing on windows-amd64-longtestFrozenDueToAgeNeedsFixSoonrelease-blocker

#52094 opened 3 years ago by heschi

go1.18 stops returning typed errors when using system roots on darwinFrozenDueToAgeNeedsInvestigation

#52010 opened 3 years ago by liggitt

"certificate is not standards compliant" on MacOSNeedsInvestigationOS-Darwin

#51991 opened 3 years ago by dims

x509 certificate with issuerUniqueID and/or subjectUniqueID parse error [1.18 backport]CherryPickApprovedFrozenDueToAge

#51859 opened 3 years ago by gopherbot

x509 certificate with issuerUniqueID and/or subjectUniqueID parse error [1.17 backport]CherryPickApprovedFrozenDueToAge

#51858 opened 3 years ago by gopherbot

reject SHA-1 signatures in Verify [1.18 backport]CherryPickApprovedFrozenDueToAge

#51852 opened 3 years ago by gopherbot

Certificate.Verify crash on macOS with Go 1.18 (CVE-2022-27536) [1.18 backport]CherryPickApprovedFrozenDueToAgeSecurityrelease-blocker

#51763 opened 3 years ago by gopherbot

Certificate.Verify crash on macOS with Go 1.18FrozenDueToAgeNeedsFixSecurity

#51759 opened 3 years ago by bradfitz

x509 certificate with issuerUniqueID and/or subjectUniqueID parse errorFrozenDueToAgeNeedsFix

#51754 opened 3 years ago by mic6090

potential memory leak on macOSFrozenDueToAgeNeedsInvestigationOS-Darwin

#51752 opened 3 years ago by tie

TestHybridPool failures on Windows with `x509: certificate signed by unknown authority`FrozenDueToAgeNeedsInvestigationOS-Windowsokay-after-beta1release-blocker

#51599 opened 3 years ago by bcmills

intermittent failures on darwin/amd64 with ‘x509: “…” certificate is expired’ since 2021-11-06FrozenDueToAgeNeedsFixOS-Darwinrelease-blocker

#51209 opened 3 years ago by bcmills

invalid RDNSequence: invalid attribute value: unsupported string type: 18 [1.17 backport]CherryPickApprovedFrozenDueToAge

#51000 opened 3 years ago by gopherbot

ParseCertificate and ParseCertificateRequest should return an error when there are duplicate x509 extensionsFrozenDueToAgeNeedsFix

#50988 opened 3 years ago by aaomidi

add ParseRevocationList, deprecate ParseCRL & ParseDERCRLFrozenDueToAgeProposalProposal-AcceptedProposal-CryptoProposal-FinalCommentPeriod

#50674 opened 3 years ago by rolandshoemaker

unhandled error FrozenDueToAge

#50570 opened 3 years ago by walkerxiong

error parsing large ASN.1 identifiers [1.17 backport]CherryPickApprovedFrozenDueToAge

#50165 opened 3 years ago by gopherbot

error parsing large ASN.1 identifiersFrozenDueToAgeNeedsFixrelease-blocker

#49678 opened 3 years ago by umlublin

crlSign key missing for CreateRevocationListFrozenDueToAgeNeedsInvestigation

#49414 opened 3 years ago by solyard

The if's condition checks that err is not nil but returns nilFrozenDueToAgeNeedsInvestigation

#49135 opened 3 years ago by tenntenn

Verify fails to find valid path when some paths have EKU constraint violationsFrozenDueToAgeNeedsInvestigation

#48869 opened 3 years ago by JackOfMostTrades

comments on certDirectories are misleadingFrozenDueToAgeNeedsFix

#48808 opened 3 years ago by sding3

invalid RDNSequence: invalid attribute value: unsupported string type: 18FrozenDueToAgeNeedsFix

#48171 opened 3 years ago by mic6090

parse SAN DirectoryNameFrozenDueToAge

#47618 opened 3 years ago by tracefinder

go.1.15 onwards CreateCertificate signed by CA cert adds unparseable ASN1 blocks under x509.Certificate.ExtensionsFrozenDueToAge

#47526 opened 3 years ago by manuullas

unable to verify proxy self-signed certFrozenDueToAgeWaitingForInfo

#46937 opened 4 years ago by alanhamlett

invalid authority key identifier parsing older root "Starfield Class 2 Certification Authority"FrozenDueToAgeNeedsFixrelease-blocker

#46854 opened 4 years ago by joeshaw

use platform verifier on Windows, macOS and iOSFrozenDueToAgeProposalProposal-AcceptedProposal-CryptoProposal-FinalCommentPeriod

#46287 opened 4 years ago by FiloSottile

add new FreeBSD root store path [freeze exception]FrozenDueToAgeNeedsFix

#46284 opened 4 years ago by FiloSottile

add CertPool.EqualFrozenDueToAgeProposalProposal-AcceptedProposal-CryptoProposal-FinalCommentPeriod

#46057 opened 4 years ago by dnephin

can't verify signature on RSA-PSS certificate requests it createdFrozenDueToAgeNeedsFix

#45990 opened 4 years ago by ycongal-smile

not finding CA from SystemCertPoolFrozenDueToAgeNeedsInvestigation

#45904 opened 4 years ago by wzzhu

CertPools do not equal each other in 1.16FrozenDueToAge

#45891 opened 4 years ago by pcman312

enforce Name Constraints on intermediates with SANsFrozenDueToAgeNeedsFix

#45856 opened 4 years ago by FiloSottile

rewrite the parser to use x/crypto/cryptobyteFrozenDueToAgeNeedsFixearly-in-cycle

#44299 opened 4 years ago by rolandshoemaker

Certificate.CheckSignatureFrom() inconsistency with OpenSSL FrozenDueToAgeNeedsFix

#44237 opened 4 years ago by zzma

add SetFallbackRoots and golang.org/x/crypto/x509roots/fallback packageFrozenDueToAgeProposalProposal-AcceptedProposal-CryptoProposal-FinalCommentPeriod

#43958 opened 4 years ago by breml

invalid character " " in host nameFrozenDueToAgeNeedsInvestigation

#43954 opened 4 years ago by elgohr

investigate signature verification added to CreateCertificate in Go 1.16FrozenDueToAgeNeedsInvestigationrelease-blocker

#43928 opened 4 years ago by dmitshur

decryption of PEM file failure not being caughtFrozenDueToAgeProposalProposal-Crypto

#43504 opened 4 years ago by pschou

reconsider the expansion of CertificateRequestFrozenDueToAgeNeedsFixrelease-blocker

#43477 opened 4 years ago by AGWA

failed to load system roots and no roots providedFrozenDueToAgeNeedsInvestigationOS-Darwin

#42414 opened 4 years ago by Poor12

consider removing support for signing with RSA-MD5FrozenDueToAgeNeedsInvestigation

#42125 opened 4 years ago by rolandshoemaker

IsEncryptedPEMBlock returns false on valid encrypted keys. ParseRawPrivateKeyWithPassphrase fails on PKCS8 format encrypted key.DocumentationFrozenDueToAgeNeedsFix

#41949 opened 4 years ago by HarikrishnanBalagopal

reject SHA-1 signatures in VerifyNeedsFixProposalProposal-AcceptedProposal-CryptoSecurityrelease-blocker

#41682 opened 4 years ago by FiloSottile

consider hardcoding RSA PSS paramemtersFrozenDueToAgeNeedsDecision

#41407 opened 4 years ago by rolandshoemaker

CreateCertificate should return a meaningful error instead of panic when passed an unknown ExtKeyUsageFrozenDueToAgeNeedsFix

#41169 opened 4 years ago by rolandshoemaker

support P-192FeatureRequestFrozenDueToAgeNeedsInvestigation

#41035 opened 4 years ago by cespare

Google Cloud SQL TLS connections broken in Go 1.15+FrozenDueToAgeNeedsInvestigation

#40748 opened 4 years ago by kristiandrucker

AKID and issuer SKID are not checked to matchFrozenDueToAgeNeedsInvestigation

#40679 opened 4 years ago by PeterNovotney

Update test case in verify_testFrozenDueToAgeNeedsInvestigationTesting

#40604 opened 5 years ago by SparrowLii

CreateCertificate should maybe check the signatures it generatesFrozenDueToAgeNeedsInvestigation

#40458 opened 5 years ago by rolandshoemaker

corporate proxy: certificate signed by unknown authorityFrozenDueToAgeNeedsInvestigation

#40370 opened 5 years ago by wrschneider

Certificate.Verify method seemingly ignoring EKU requirements on Windows [Go 1.14]CherryPickApprovedFrozenDueToAgeSecurity

#40210 opened 5 years ago by katiehockman

Certificate.Verify method seemingly ignoring EKU requirements on Windows [Go 1.13]CherryPickApprovedFrozenDueToAgeSecurity

#40209 opened 5 years ago by katiehockman

Go 1.15 will break default connections to AWS RDSFrozenDueToAgeNeedsDecisionrelease-blocker

#39568 opened 5 years ago by kevinburke1

exporting staticlib with ios_sdk failed with CGO_ENABLED=1FrozenDueToAgeNeedsInvestigationmobile

#39503 opened 5 years ago by nodece

SKID generation is over full spki, rather than just the subjectPublicKeyFrozenDueToAgeNeedsFix

#39429 opened 5 years ago by rolandshoemaker

Certificate.Verify method seemingly ignoring EKU requirements on WindowsFrozenDueToAgeNeedsFixOS-Windows

#39360 opened 5 years ago by niallnsec

add support for PBES2 private keysFrozenDueToAgeNeedsInvestigationProposal

#39241 opened 5 years ago by shibe2

properly handle errSecInvalidTrustSettings in macOS rootsFrozenDueToAgeNeedsInvestigationOS-Darwin

#38888 opened 5 years ago by FiloSottile

update bundled iOS rootsFrozenDueToAgeNeedsFixokay-after-beta1recurringrelease-blocker

#38843 opened 5 years ago by FiloSottile

build tag "ios" broken at tip on darwin/amd64FrozenDueToAgeNeedsFixmobilerelease-blocker

#38710 opened 5 years ago by bradfitz

CGO_ENABLED=0 x509: certificate signed by unknown authorityFrozenDueToAgeNeedsInvestigationOS-DarwinWaitingForInfo

#38365 opened 5 years ago by kotyara85

can set pathlen in certificate when not CAFrozenDueToAgeNeedsFix

#38216 opened 5 years ago by m-j-jam

Mac without CGO is very slow, times out with large numbers of certsFrozenDueToAgeOS-Darwin

#38215 opened 5 years ago by deitch

unable to parse PKCS1 RSA private key from Microsoft Terminal Services Signing KeyFrozenDueToAge

#38181 opened 5 years ago by bamiaux

RSA-PSS signatures on certificates should be encoded without optional NULLsFrozenDueToAgeNeedsFix

#38014 opened 5 years ago by Demi-Marie

documentation about SSL_CERT_FILE and SSL_CERT_DIR is incorrectDocumentationFrozenDueToAgeNeedsInvestigation

#37907 opened 5 years ago by elagergren-spideroak

check that private key matches the issuerFrozenDueToAgeNeedsFix

#37845 opened 5 years ago by shoobyban

Certificate parsing/verification supports non-compliant dNSName constraintsFrozenDueToAgeNeedsInvestigation

#37535 opened 5 years ago by rolandshoemaker

parse additional fields in CertificateRequestFrozenDueToAgeNeedsFixProposal-AcceptedProposal-Crypto

#37172 opened 5 years ago by chauncyc

MarshalPKCS8PrivateKey doc says RSA private key while it supports more than that [1.14 backport]CherryPickApprovedFrozenDueToAge

#37068 opened 5 years ago by gopherbot

MarshalPKCS8PrivateKey doc says RSA private key while it supports more than that [1.13 backport]CherryPickApprovedFrozenDueToAge

#37067 opened 5 years ago by gopherbot

certificate signed by unknown authority, macOSFrozenDueToAge

#37017 opened 5 years ago by fcjr

panic in certificate parsing [Go1.12]CherryPickApprovedFrozenDueToAgeSecurity

#36839 opened 5 years ago by katiehockman

panic in certificate parsing [Go1.13]CherryPickApprovedFrozenDueToAgeSecurity

#36838 opened 5 years ago by katiehockman

panic in certificate parsingFrozenDueToAgeSecurity

#36837 opened 5 years ago by katiehockman

certificate validation bypass on Windows 10 [Go1.12]CherryPickApprovedFrozenDueToAgeSecurity

#36836 opened 5 years ago by katiehockman

certificate validation bypass on Windows 10 [Go1.13]CherryPickApprovedFrozenDueToAgeSecurity

#36835 opened 5 years ago by katiehockman

certificate validation bypass on Windows 10FrozenDueToAgeSecurity

#36834 opened 5 years ago by katiehockman

incorrect mention of "EC Public Key" for ParseECPrivateKey docs, should be "EC Private Key"DocumentationFrozenDueToAgeNeedsInvestigation

#36788 opened 5 years ago by matthew119427

MarshalPKCS8PrivateKey doc says RSA private key while it supports more than thatDocumentationFrozenDueToAgeNeedsFix

#36735 opened 5 years ago by gmichelo

ParseCertificate error: PrintableString contains invalid characterFrozenDueToAgeNeedsInvestigation

#36044 opened 5 years ago by jajohnsonpro

certificate verification does not correctly compare subject and issuer names for equalityFrozenDueToAge

#36027 opened 5 years ago by paulgriffiths

error for "trailing data after X.509 subject" should say "issuer" insteadFrozenDueToAgeNeedsFix

#35841 opened 5 years ago by egonk

untrusted intermediates are not used on macOSFrozenDueToAgeNeedsInvestigationOS-Darwin

#35631 opened 5 years ago by mariusgrigoriu

Other Names in x509 Certificate SAN causing certificate verification failureFrozenDueToAgeNeedsInvestigation

#35467 opened 5 years ago by chrisbrowning

add API to create RFC-compliant CRLsFrozenDueToAgeNeedsFixProposal-AcceptedProposal-Crypto

#35428 opened 5 years ago by jefferai

SSL_CERT_DIR should support multiple directories separated by a colon like OpenSSL and BoringSSL doFrozenDueToAgeNeedsFix

#35325 opened 5 years ago by freedge

Reference SubjectPublicKeyInfo in MarshalPKIXPublicKeyDocumentationFrozenDueToAgeNeedsFixhelp wanted

#35313 opened 5 years ago by jsha

apply gofmt to verify.goFrozenDueToAgeNeedsFixhelp wanted

#35052 opened 5 years ago by graywolf

add CertPool.CloneFrozenDueToAgeProposalProposal-AcceptedProposal-CryptoProposal-FinalCommentPeriod

#35044 opened 5 years ago by wbl

support extending list of algorithmsFrozenDueToAgeProposalProposal-Crypto

#34844 opened 5 years ago by denisvolin

x509ignoreCN=1 breaks TestCertificateParseFrozenDueToAgeNeedsFixTesting

#34252 opened 5 years ago by tmthrgd

implement TextMarshaler for *CertificateFeatureRequestFrozenDueToAgeProposalProposal-Crypto

#33888 opened 5 years ago by kevinburke1

failed to parse ECDSA256 PEM generated by Apple Developer WebsiteFrozenDueToAgeNeedsInvestigation

#33560 opened 6 years ago by Frozen-Tofu

any plans to implement RID and dirName SANs?FrozenDueToAge

#33504 opened 6 years ago by pedromreis

expose hash algorithm for SignatureAlgorithmFrozenDueToAgeNeedsInvestigationProposalProposal-Crypto

#33317 opened 6 years ago by bodgit

CreateCertificate creates invalid serial number fieldFrozenDueToAgeNeedsInvestigation

#33310 opened 6 years ago by azsn

unable to parse certificate parsable by JavaNeedsDecision

#33259 opened 6 years ago by tomjamescn

trust setting not inherited on DarwinFrozenDueToAgeNeedsInvestigationOS-Darwin

#32891 opened 6 years ago by tommyknows

'certificate signed by unknown authority' on mipsleFrozenDueToAgeNeedsInvestigationWaitingForInfo

#32878 opened 6 years ago by vitaliy-kuzmich

replace MD5 in PEM encryption?FrozenDueToAgeNeedsInvestigation

#32777 opened 6 years ago by micahhyman1

return informative error if wrong type passed to MarshalPKIXPublicKeyFrozenDueToAgeNeedsFixhelp wanted

#32640 opened 6 years ago by mathieudevos

link Security.framework symbols without cgoFrozenDueToAgeNeedsFixOS-Darwin

#32604 opened 6 years ago by FiloSottile

macos 10.14 SIGSEGV in crypto/x509._Cfunc_FetchPEMRoots [1.12 backport]CherryPickApprovedFrozenDueToAge

#32282 opened 6 years ago by gopherbot

macos 10.14 SIGSEGV in crypto/x509._Cfunc_FetchPEMRoots [1.11 backport]CherryPickApprovedFrozenDueToAge

#32281 opened 6 years ago by gopherbot

Go opens many more CA cert files than PythonFrozenDueToAgeNeedsInvestigationPerformance

#32172 opened 6 years ago by yyq2013

recently updated Xcode command line tools results in errorFrozenDueToAgeNeedsInvestigationWaitingForInfo

#31250 opened 6 years ago by gilgameshskytrooper

FetchPEMRoots in CGO crashed with signal SIGSEGV when using http.Client.Do() on https URLFrozenDueToAgeOS-Darwin

#30889 opened 6 years ago by marques-work

frequent panics when doing HTTPS requests on DarwinFrozenDueToAgeNeedsInvestigationOS-Darwinrelease-blocker

#30763 opened 6 years ago by leonklingele

root_cgo_darwin omits intermediate CAs with an empty policy settings or an unspecified trust type settingFrozenDueToAgeNeedsFixOS-Darwin

#30672 opened 6 years ago by penglei

Trust setting not inherited on darwinFrozenDueToAgeNeedsInvestigationOS-Darwin

#30471 opened 6 years ago by vdobler

darwin-386 build is brokenFrozenDueToAgeNeedsFixOS-DarwinSoon

#30444 opened 6 years ago by bradfitz

offer a useful error when ParsePKCS8PrivateKey/ParseECPrivateKey/ParsePKCS1PrivateKey or ParsePKIXPublicKey/ParsePKCS1PrivateKey are mixed upFrozenDueToAgeNeedsFixhelp wanted

#30094 opened 6 years ago by FiloSottile

certificates with AKID don't chain to parents without SKID [1.11 backport]CherryPickApprovedFrozenDueToAge

#30081 opened 6 years ago by gopherbot

certificates with AKID don't chain to parents without SKID [1.10 backport]CherryPickApprovedFrozenDueToAgeNeedsFix

#30080 opened 6 years ago by gopherbot

certificates with AKID don't chain to parents without SKIDFrozenDueToAgeNeedsFix

#30079 opened 6 years ago by FiloSottile

TestSystemRoots failing when keychain contains expired or untrusted certificatesFrozenDueToAgeNeedsFixOS-Darwin

#29497 opened 6 years ago by akamensky

CPU denial of service [Go 1.10]CherryPickApprovedFrozenDueToAgeSecurity

#29238 opened 6 years ago by FiloSottile

CPU denial of service [Go 1.11]CherryPickApprovedFrozenDueToAgeSecurity

#29237 opened 6 years ago by FiloSottile

CPU denial of service in chain validationFrozenDueToAgeSecurity

#29233 opened 6 years ago by dmitshur

ParsePKCS1PublicKey expects invalid key formatFrozenDueToAgeNeedsInvestigationWaitingForInfo

#29141 opened 6 years ago by ThreeFx

(*Certificate).Equals panics for nil valuesFrozenDueToAgeNeedsDecision

#28743 opened 6 years ago by empijei

"certificate signed by unknown authority" with seemingly valid certificate chainFrozenDueToAge

#28276 opened 6 years ago by imirkin

add /usr/local/etc/ssl/certs for CA certificates on LinuxFrozenDueToAgeNeedsInvestigation

#28199 opened 6 years ago by afbjorklund

macos 10.14 SIGSEGV in crypto/x509._Cfunc_FetchPEMRootsFrozenDueToAgeNeedsFixOS-Darwin

#28092 opened 6 years ago by akamensky

Go does not load root CA from System keychain on macOSFrozenDueToAgeNeedsInvestigationOS-DarwinSecurity

#28025 opened 6 years ago by adamrothman

MaxConstraintComparisions typo: "Comparisions" should be "Comparisons"FrozenDueToAgeNeedsDecision

#27969 opened 6 years ago by alexkohler

if system keychain has a cert with an empty but valid trust settings array, cert should be trusted but Go does not trust itFrozenDueToAgeNeedsInvestigationOS-DarwinSecurity

#27958 opened 6 years ago by jhump

DecryptPEMBlock sometimes passes when the password is wrongFrozenDueToAgeNeedsInvestigation

#27880 opened 6 years ago by azr

Partial wildcards are not supportedFrozenDueToAge

#27629 opened 6 years ago by agunnerson-ibm

Insufficient verification of ServerName when certificate is wildcardFrozenDueToAgeNeedsFix

#27591 opened 6 years ago by int-tt

SystemCertPool documentation is not clear that modifications to the cert pool supplied are isolated from other pools returned by the functionDocumentationFrozenDueToAgeNeedsFix

#27385 opened 6 years ago by leighmcculloch

certificate signed by unknown authority again FrozenDueToAgeNeedsInvestigationWaitingForInfo

#27175 opened 6 years ago by brunetto

add functions to download certificates from windows update, and retrieve certificates from windows x509storesFrozenDueToAgeOS-WindowsProposalProposal-Crypto

#26950 opened 7 years ago by jeet-parekh

parse trust settings in root_nocgo_darwinFrozenDueToAgeNeedsFixOS-Darwin

#26830 opened 7 years ago by FiloSottile

add SubjectKeyId automatically when IsCA is trueFrozenDueToAgeNeedsFix

#26676 opened 7 years ago by FiloSottile

doc: clarify package is aimed towards Web PKI support DocumentationFrozenDueToAgeNeedsFix

#26624 opened 7 years ago by adamdecaf

allow certificates to be exported from CertPoolFrozenDueToAgeProposalProposal-Crypto

#26614 opened 7 years ago by btoews

create typed versions of ParsePKCS8PrivateKeyFrozenDueToAgeNeedsInvestigationProposalProposal-Crypto

#26485 opened 7 years ago by HaraldNordgren

reject UTF-8 namesFrozenDueToAgeNeedsFix

#26362 opened 7 years ago by FiloSottile

unable to parse CertificateRequest SAN otherName fieldFrozenDueToAgeNeedsInvestigation

#26093 opened 7 years ago by medzin

macOS -framework Security produces link warningNeedsInvestigationOS-Darwinrelease-blocker

#26073 opened 7 years ago by rsc

root_cgo_darwin and root_nocgo_darwin omit some system certs [1.9 backport]CherryPickCandidateFrozenDueToAge

#26040 opened 7 years ago by gopherbot

root_cgo_darwin and root_nocgo_darwin omit some system certs [1.11 backport]CherryPickApprovedFrozenDueToAge

#26039 opened 7 years ago by gopherbot

Certificate Subject UID not being parsedFeatureRequestFrozenDueToAgeNeedsInvestigation

#25667 opened 7 years ago by Trane9991

root_cgo_darwin omits certs with number of trust settings 0 erroneously when CGO_ENABLED=1FrozenDueToAgeNeedsInvestigationOS-Darwin

#25649 opened 7 years ago by dlamotte

EdDSA certificates supportFrozenDueToAgeProposalProposal-AcceptedProposal-Crypto

#25355 opened 7 years ago by FiloSottile

CANotAuthorizedForExtKeyUsage is a bogus error [1.10 backport]CherryPickApprovedFrozenDueToAge

#25258 opened 7 years ago by gopherbot

NameConstraintsWithoutSANs when checking signing certificate [1.10 backport]FrozenDueToAge

#25016 opened 7 years ago by gopherbot

partial wildcards not supportedFrozenDueToAge

#24888 opened 7 years ago by kmala

http.Response.TLS.VerifiedChains behavior changed in go1.9FrozenDueToAgeNeedsInvestigation

#24685 opened 7 years ago by nolith

root_cgo_darwin and root_nocgo_darwin omit some system certsNeedsFixOS-DarwinSecurity

#24652 opened 7 years ago by jdhenke

CANotAuthorizedForExtKeyUsage is prematureFrozenDueToAgeNeedsFix

#24590 opened 7 years ago by robstradling

SystemCertPool return nil, nil on NaClFrozenDueToAgeNeedsFix

#24561 opened 7 years ago by FiloSottile

enable deep copy of x509.CertPoolFrozenDueToAgeNeedsDecision

#24540 opened 7 years ago by frankgreco

cgo errors when compiling with gcc on DarwinFrozenDueToAgeNeedsInvestigationOS-Darwin

#24437 opened 7 years ago by avinashrd

cgo errors on for loop initial declarations with gcc pre-C99FrozenDueToAgeNeedsFixOS-Darwin

#24425 opened 7 years ago by avinashrd

Verify failed on some valid certificates with SubjectAlternateNamesFrozenDueToAge

#24293 opened 7 years ago by gibma

multi-value RDN sequence is not properly DER-orderedFrozenDueToAgeNeedsFixearly-in-cyclerelease-blocker

#24254 opened 7 years ago by mrogers950

FetchPEMRoots in CGO crashed with signal SIGSEGV on go get gopkg.in/sourcemap.v1 on macOS Sierra (10.12.6)FrozenDueToAgeNeedsInvestigationOS-Darwin

#24190 opened 7 years ago by ericreis

VerifyOptions.KeyUsages went from any required to all required in 1.10CherryPickApprovedFrozenDueToAge

#24162 opened 7 years ago by grittygrease

NameConstraintsWithoutSANs when checking signing certificateFrozenDueToAgeNeedsFix

#24151 opened 7 years ago by thsnr

parse macOS keychain policies instead of using verify-certFrozenDueToAgeNeedsFixOS-Darwin

#24084 opened 7 years ago by adamdecaf

Fails to parse certificates with fully qualified domain names FrozenDueToAgeNeedsInvestigation

#24070 opened 7 years ago by hanikesn

verification fails with "cannot parse dnsName" in intermediateCherryPickApprovedFrozenDueToAge

#23995 opened 7 years ago by freman

unable to find SignatureAlgorithm of certificate with PSS signatureFrozenDueToAge

#23847 opened 7 years ago by conradoplg

AppendCertsFromPEM fails on go1.10rc1FrozenDueToAgeNeedsDecision

#23711 opened 7 years ago by magiconair

Go should be lenient in parsing CRL Distribution Points that do not conform to RFC 5280 4.2.1.13FrozenDueToAgeNeedsDecision

#23403 opened 7 years ago by christopher-henderson

add support to get SSL context from certificate store on windowsFrozenDueToAgeOS-WindowsProposalProposal-Crypto

#23282 opened 7 years ago by tsaridas

add /usr/local/share/ca-certificates to certificate directoriesFrozenDueToAgeWaitingForInfo

#23217 opened 7 years ago by mmiranda96

ParsePKIXPublicKey can not parse 1024bit RSAFrozenDueToAgeNeedsInvestigation

#23032 opened 7 years ago by parazyd

Trailing data in the IssuerAlternativeName extension value does not return an error when parsing certificate.FrozenDueToAgeNeedsInvestigation

#23016 opened 7 years ago by szank

VerifyHostname validating wrong SANFrozenDueToAgeWaitingForInfo

#22922 opened 7 years ago by rikatz

buildExtensions issues certificates rejected by Mozilla NSSFrozenDueToAgeNeedsFix

#22616 opened 7 years ago by pcarrier

intermediates with unknown critical extensions not rejected [Go1.8]CherryPickApprovedFrozenDueToAge

#22261 opened 7 years ago by rsc

intermediates with unknown critical extensions not rejectedCherryPickApprovedFrozenDueToAgerelease-blocker

#22260 opened 7 years ago by rsc

disable TestSystemRoots on non-cgo darwinCherryPickApprovedFrozenDueToAgeOS-Darwinrelease-blocker

#22256 opened 7 years ago by rsc

CreateCertificate should mark SubjectAltName as critical iff Subject is emptyFrozenDueToAge

#22249 opened 7 years ago by optnfast

Apple edited HT204132, breaking iOS CA roots updaterFrozenDueToAgeNeedsFixOS-Darwin

#22181 opened 7 years ago by acohn

Truncate DSA signed data's hash before verificationFrozenDueToAgeNeedsFixhelp wanted

#22017 opened 7 years ago by Tasssadar

add Public Key Algorithms from RFC 4491FrozenDueToAgeProposal

#21858 opened 7 years ago by realmfoo

cannot generate version 1 or 2 certificatesFrozenDueToAge

#21593 opened 7 years ago by CRThaze

ParseCertificate fails for ECDSA certificate, gives asn1 unmarshal errorFrozenDueToAge

#21502 opened 8 years ago by vickiniu

Entrust broken cert link no longer valid, please consider removing the workaroundFrozenDueToAgerelease-blocker

#21488 opened 8 years ago by mrmagooey

TestSystemRoots failureFrozenDueToAgeNeedsInvestigationOS-DarwinTestingrelease-blocker

#21416 opened 8 years ago by martisch

SystemCertPool() can return nil,nilFrozenDueToAgeNeedsFix

#21405 opened 8 years ago by champtar

CreateCertificate docs incompletely list template fields usedDocumentationFrozenDueToAgeNeedsFix

#21363 opened 8 years ago by cryslith

ParseCertificate error: PrintableString contains invalid characterFrozenDueToAgeWaitingForInfo

#21339 opened 8 years ago by tonyjt

does not notice if an RSA SignatureAlgorithm is missing parametersFrozenDueToAgeNeedsFix

#21118 opened 8 years ago by agl

missing MarshalPKCS1PublicKey and ParsePKCS1PublicKeyFrozenDueToAge

#21029 opened 8 years ago by tmc

root_darwin.go does not include trusted root certificates from System/Login keychainsFrozenDueToAgeOS-Darwin

#20990 opened 8 years ago by raszi

when TestEnvVars fails, it "index out of range" panics due to off-by-one bugFrozenDueToAge

#20801 opened 8 years ago by dmitshur

Missing MarshalPKCS8PrivateKeyFrozenDueToAgeNeedsFix

#19972 opened 8 years ago by jameshartig

export CertPool’s certificatesFrozenDueToAge

#19606 opened 8 years ago by stapelberg

TestSystemVerify failures on windows-*-2008 buildersBuildersFrozenDueToAgeOS-WindowsTestingokay-after-beta1release-blocker

#19564 opened 8 years ago by josharian

FetchPEMRoots on macOS takes 20 seconds when there are a lot of trust settingsFrozenDueToAgeNeedsInvestigationOS-Darwin

#19561 opened 8 years ago by tbodt

honor OS X certificate trust settings possible regressionFrozenDueToAgeNeedsInvestigationOS-DarwinWaitingForInfohelp wanted

#19436 opened 8 years ago by dharmapunk82

ParseCertificate returns a certificate with MaxPathLen of -1 if pathLenConstraint is not setDocumentationFrozenDueToAgeNeedsDecision

#19285 opened 8 years ago by cyli

docs for CreateCertificate omit template.AuthorityKeyId yet it is used in codeDocumentationFrozenDueToAge

#18962 opened 8 years ago by taylortrimble

documentation for CreateCertificateRequest extensions unclearDocumentationFrozenDueToAge

#18899 opened 8 years ago by lwithers

path lookup order change affects CentOS from Go 1.7->8FrozenDueToAgeNeedsDecision

#18813 opened 8 years ago by joegrasse

certificate validation errors with go1.7.4 binaries + macOS SierraFrozenDueToAgeOS-Darwin

#18688 opened 8 years ago by cblecker

ParseCertificate ignores all but first value from Subject's []string{} fieldsFrozenDueToAgeNeedsInvestigation

#18654 opened 8 years ago by joemiller

Go 1.8's SystemCertPool() on Windows does not return all Windows root CAsFrozenDueToAgeNeedsFixhelp wanted

#18609 opened 8 years ago by mkrautz

root_darwin_test.go failsFrozenDueToAgeOS-Darwin

#18224 opened 8 years ago by YoshikiShibata

TestSystemRoots flaky & slow in non-cgo caseFrozenDueToAgeNeedsFixOS-Darwin

#18203 opened 8 years ago by phacker

honor OS X certificate trust settingsFrozenDueToAgeSecurity

#18141 opened 8 years ago by quentinmit

loadSystemRoots segfault when running under launchdFrozenDueToAgeNeedsInvestigationWaitingForInfo

#17972 opened 8 years ago by nhooyr

contradictory Mac OS X version requirementsFrozenDueToAgeOS-DarwinWaitingForInfo

#17732 opened 8 years ago by AxbB36

certificates at /etc/ssl/certs/ ignored on FreeBSD, etcFrozenDueToAgeNeedsInvestigationOS-FreeBSDhelp wanted

#16920 opened 8 years ago by buro1983

distributionPointName not compliant with RFC 5280FrozenDueToAge

#16858 opened 9 years ago by zhengping12

Certs with odd RDN layouts not handled, cause confusing errorsFrozenDueToAgeNeedsInvestigation

#16836 opened 9 years ago by tv42

bad error messageFrozenDueToAge

#16834 opened 9 years ago by joneskoo

Verify returns incorrect chains for some situationsFrozenDueToAgeNeedsFix

#16800 opened 9 years ago by ramoas

a server with a self-signed certificate doesn't validate if that cert is in RootsFrozenDueToAge

#16763 opened 9 years ago by agl

make SystemCertPool work on Windows?FrozenDueToAgeNeedsFixOS-Windowshelp wanted

#16736 opened 9 years ago by bradfitz

CreateCRL allows non-UTC times in revokedCerts listFrozenDueToAgeNeedsDecision

#16686 opened 9 years ago by jefferai

missing support for EC parameter encodingFrozenDueToAgeNeedsDecision

#16660 opened 9 years ago by ghost

CreateCertificate can panic in asn1 codeFrozenDueToAgehelp wanted

#16603 opened 9 years ago by jefferai

error "x509: certificate signed by unknown authority" on valid SSL chainFrozenDueToAgeNeedsInvestigation

#16589 opened 9 years ago by rasky

darwin only loads system.root keychain should also load system keychainFrozenDueToAgeNeedsFixOS-Darwinhelp wantedrelease-blocker

#16532 opened 9 years ago by jostockley

re-unify the OS X code paths for loading rootsFrozenDueToAgeNeedsFixOS-Darwin

#16508 opened 9 years ago by bradfitz

0xb01dfacedebac1e crash on Mac OS X 10.8FrozenDueToAge

#16473 opened 9 years ago by bradfitz

Certificate Name Constraints starting with "." not validated properlyFrozenDueToAge

#16347 opened 9 years ago by floridoo

ParsePKIXPublicKey parses invalid RSA public keys without errorsFrozenDueToAge

#16166 opened 9 years ago by szank

RSA certs with PSS signatures cannot be verifiedFrozenDueToAgeNeedsInvestigation

#15958 opened 9 years ago by lwithers

CentOS 7 "x509: failed to load system roots and no roots provided" issues.FrozenDueToAgeNeedsFix

#15749 opened 9 years ago by mckn

VerifyHostname should ignore port if not present in patternFrozenDueToAge

#15452 opened 9 years ago by runeaune

Wrong error text when failing to unmarshal key-idFrozenDueToAge

#15371 opened 9 years ago by phayes

CommonName truncated at slashFrozenDueToAgeWaitingForInfo

#15256 opened 9 years ago by huang195

AuthorityKeyId on self-signed certificatesFrozenDueToAge

#15194 opened 9 years ago by vanbroup

CheckSignatureFrom does not verify Issuer matches parent's SubjectFrozenDueToAgeNeedsInvestigation

#14955 opened 9 years ago by jsha

invalid implementation of Permitted DNS NamesFrozenDueToAge

#14833 opened 9 years ago by ayufan

broken linkDocumentationFrozenDueToAge

#14776 opened 9 years ago by perillo

occasional failure on FreeBSD buildersFrozenDueToAgeOS-FreeBSD

#14688 opened 9 years ago by ianlancetaylor

oidSignatureDSAWithSHA256 has incorrect valueFrozenDueToAge

#14663 opened 9 years ago by AGWA

typo in docs for x509.CreateCertificateRequestDocumentationFrozenDueToAge

#14649 opened 9 years ago by voutasaurus

root_darwin.go does not include trusted root certificates from System/Login keychainsOS-Darwin

#14514 opened 9 years ago by mwielgoszewski

ParsePKCS1PrivateKey is not complaint with PKCS#1 standardFrozenDueToAge

#14512 opened 9 years ago by wpc

better documentation for ParsePKIXPublicKeyFrozenDueToAge

#14355 opened 9 years ago by dndx

add standard SSL_CERT_DIR locationsFrozenDueToAgeNeedsFix

#14311 opened 9 years ago by raspy

parsing of certificates with exponent length > 32bit fails on GOARCH=386FrozenDueToAgev2

#14129 opened 9 years ago by nurio

writing certificates in PKCS12 formatFrozenDueToAgeProposalProposal-Declined

#14125 opened 9 years ago by boumenot

FreeBSD CA roots order fixFrozenDueToAgeNeedsFixOS-FreeBSD

#14022 opened 9 years ago by lifeforms

CRL generated by Certificate.CreateCRL is still version 1FrozenDueToAge

#13931 opened 9 years ago by hujun-open

CreateCertificateRequest cannot write extensions with criticalFrozenDueToAge

#13739 opened 9 years ago by nejisama

Panics on some ECDSA keysFrozenDueToAge

#13699 opened 9 years ago by hlandau

UnknownAuthorityError should expose private CertificateFrozenDueToAgeNeedsFix

#13519 opened 9 years ago by rolandshoemaker

add support for marshalling PKCS#8 private keysFrozenDueToAge

#13487 opened 9 years ago by AGWA

export systemRootsPool or equivilantFrozenDueToAge

#13335 opened 9 years ago by phemmer

panic verifying certificate on windowsFrozenDueToAgeOS-Windows

#12184 opened 10 years ago by deafgoat

add /etc/ssl/certs to certificate directoriesFrozenDueToAge

#12139 opened 10 years ago by deafgoat

x509 DN orderingFrozenDueToAge

#11966 opened 10 years ago by szechyjs

Go uses the wrong type for parsing CSR attributesFrozenDueToAge

#11897 opened 10 years ago by agl

cannot build for iOS simulatorFrozenDueToAge

#11736 opened 10 years ago by crawshaw

TestSystemVerify failed on windowsFrozenDueToAgeOS-Windows

#11730 opened 10 years ago by chai2010

division by zeroFrozenDueToAge

#11233 opened 10 years ago by dvyukov

input not full blocksFrozenDueToAge

#11215 opened 10 years ago by dvyukov

test is sometimes very slowFrozenDueToAge

#10692 opened 10 years ago by rsc

reading certificates from PKCS12 files FrozenDueToAge

#10621 opened 10 years ago by paulmey

ParsePKIXPublicKey ignores tail of ASN.1 encodingFrozenDueToAge

#10583 opened 10 years ago by rsc

Support critical Apple extension for Development and Submission signingFrozenDueToAge

#10459 opened 10 years ago by nathany

Support MD5 signatures for certificatesFrozenDueToAge

#10436 opened 10 years ago by gonzojive

more descriptive error message for unsupported algorithms such as MD5 with RSAFrozenDueToAge

#10431 opened 10 years ago by mvanotti

COMODO certifification got x509: certificate signed by unknown authorityFrozenDueToAge

#10421 opened 10 years ago by SunRunAway

insufficient validation in x509.DecryptPEMBlock leads to decryption false positivesFrozenDueToAge

#10171 opened 10 years ago by diogomonica

parseCertificate fails if Cert Policy extension is criticalFrozenDueToAge

#9964 opened 10 years ago by mvanotti

Need to update certificate name matching to only accept wildcards in the first label.FrozenDueToAge

#9834 opened 10 years ago by agl

matchHostnames doesn't work with absolute domain namesFrozenDueToAge

#9828 opened 10 years ago by rubyist

missing certificate location on netbsdFrozenDueToAge

#9285 opened 10 years ago by 0-wiz-0

root_unix.go: crypto/x509: failed to load system roots and no roots provided.FrozenDueToAge

#9146 opened 10 years ago by gopherbot

certFiles needs updating for Solaris 11.2+FrozenDueToAge

#9078 opened 10 years ago by gopherbot

typo in CreateCertificateRequest docsFrozenDueToAge

#8936 opened 10 years ago by gopherbot

ParsePKCS8PrivateKey does not support loading DSA keysFrozenDueToAge

#8919 opened 10 years ago by gopherbot

cert from google fails to parseFrozenDueToAge

#8387 opened 11 years ago by gopherbot

failed to load system roots and no roots provided.FrozenDueToAge

#8349 opened 11 years ago by gopherbot

unable to parse certificate with a negative serial numberFrozenDueToAge

#8265 opened 11 years ago by gopherbot

An invalid certificate chain may be returned by "Certificate.Verify(opts VerifyOptions)"FrozenDueToAge

#8029 opened 11 years ago by gopherbot

No expected chain matchedFrozenDueToAge

#7824 opened 11 years ago by peterGo

certs fail on current Windows due to 3/11/2014 root updateFrozenDueToAge

#7523 opened 11 years ago by rsc

Extended Key Usage on X509 certificates yields unexpected flagsFrozenDueToAge

#7516 opened 11 years ago by gopherbot

support DSA keys.FrozenDueToAge

#6868 opened 11 years ago by hanwen

ExtKeyUsageAny doesn't work when tls server CheckSignatureFrom client's certificate FrozenDueToAge

#6831 opened 11 years ago by gopherbot

error in documentation for CreateCertificateFrozenDueToAge

#6633 opened 11 years ago by jstemmer

failed to load system roots when there are no system rootsFrozenDueToAge

#6391 opened 11 years ago by gopherbot

Document how to make custom cert root listDocumentationFrozenDueToAge

#6267 opened 12 years ago by dsymonds

does not expose URIs in SubjectAltName extensionFrozenDueToAge

#5752 opened 12 years ago by gopherbot

support CSRsFrozenDueToAge

#5303 opened 12 years ago by gopherbot

respect SignatureAlgorithm in CreateCertificateFrozenDueToAge

#5302 opened 12 years ago by gopherbot

certificate with signature RMD160 shows wrong error messageFrozenDueToAgeNeedsInvestigationhelp wanted

#5301 opened 12 years ago by gopherbot

confusing error for missing hash functionFrozenDueToAge

#5058 opened 12 years ago by rsc

Wildcard Cerficate Validation WeaknessFrozenDueToAge

#4658 opened 12 years ago by gopherbot

windows test exe crashes while calling syscall.CertGetCertificateChain during TestSystemVerifyFrozenDueToAgeUnfortunate

#4165 opened 12 years ago by gopherbot

allow cert bundle path to be set by environment variableFrozenDueToAge

#3905 opened 13 years ago by gopherbot

cannot parse Facebook certFrozenDueToAge

#3731 opened 13 years ago by gopherbot

TLS connection problems due to cert verification failureFrozenDueToAge

#993 opened 15 years ago by gopherbot

does not implement other hash algorithms then SHA1WithRSAFrozenDueToAge

#988 opened 15 years ago by gopherbot