crypto/x509
#43477 opened 3 weeks ago by AGWA
IsEncryptedPEMBlock returns false on valid encrypted keys. ParseRawPrivateKeyWithPassphrase fails on PKCS8 format encrypted key. (labels: Documentation, NeedsFix)
#41949 opened 3 months ago by HarikrishnanBalagopal
consider hardcoding RSA PSS parameters (labels: NeedsDecision)
#41407 opened 4 months ago by rolandshoemaker
#41169 opened 4 months ago by rolandshoemaker
#41035 opened 5 months ago by cespare
AKID and issuer SKID are not checked to match (labels: NeedsInvestigation)
#40679 opened 5 months ago by PeterNovotney
#40604 opened 5 months ago by SparrowLii
CreateCertificate should maybe check the signatures it generates (labels: NeedsInvestigation)
#40458 opened 6 months ago by rolandshoemaker
corporate proxy: certificate signed by unknown authority (labels: NeedsInvestigation)
#40370 opened 6 months ago by wrschneider
Certificate.Verify method seemingly ignoring EKU requirements on Windows [Go 1.14] (labels: CherryPickApproved, Security)
#40210 opened 6 months ago by katiehockman
Certificate.Verify method seemingly ignoring EKU requirements on Windows [Go 1.13] (labels: CherryPickApproved, Security)
#40209 opened 6 months ago by katiehockman
#39568 opened 7 months ago by kevinburkemeter
#39503 opened 7 months ago by nodece
#39429 opened 7 months ago by rolandshoemaker
#39360 opened 7 months ago by niallnsec
#38710 opened 9 months ago by bradfitz
CGO_ENABLED=0 x509: certificate signed by unknown authority (labels: NeedsInvestigation, OS-Darwin, WaitingForInfo)
#38365 opened 9 months ago by kotyara85
#38216 opened 9 months ago by m-j-jam
#38215 opened 9 months ago by deitch
#38181 opened 10 months ago by bamiaux
#38014 opened 10 months ago by DemiMarie-parity
#37907 opened 10 months ago by elagergren-spideroak
#37535 opened 11 months ago by rolandshoemaker
#37172 opened 11 months ago by chauncyc
MarshalPKCS8PrivateKey doc says RSA private key while it supports more than that [1.14 backport] (labels: CherryPickApproved)
#37068 opened 11 months ago by gopherbot
MarshalPKCS8PrivateKey doc says RSA private key while it supports more than that [1.13 backport] (labels: CherryPickApproved)
#37067 opened 11 months ago by gopherbot
#37017 opened 11 months ago by fcjr
#36839 opened 1 year ago by katiehockman
#36838 opened 1 year ago by katiehockman
panic in certificate parsing (labels: Security)
#36837 opened 1 year ago by katiehockman
#36836 opened 1 year ago by katiehockman
#36835 opened 1 year ago by katiehockman
#36834 opened 1 year ago by katiehockman
incorrect mention of "EC Public Key" for ParseECPrivateKey docs, should be "EC Private Key" (labels: Documentation, NeedsInvestigation)
#36788 opened 1 year ago by matthew119427
MarshalPKCS8PrivateKey doc says RSA private key while it supports more than that (labels: Documentation, NeedsFix)
#36735 opened 1 year ago by bigmikes
#36044 opened 1 year ago by jajohnsonpro
certificate verification does not correctly compare subject and issuer names for equality (labels: FrozenDueToAge)
#36027 opened 1 year ago by paulgriffiths
#35841 opened 1 year ago by egonk
Other Names in x509 Certificate SAN causing certificate verification failure (labels: FrozenDueToAge, NeedsInvestigation)
#35467 opened 1 year ago by chrisbrowning
#35428 opened 1 year ago by jefferai
SSL_CERT_DIR should support multiple directories separated by a colon like OpenSSL and BoringSSL do (labels: NeedsFix)
#35325 opened 1 year ago by freedge
#35313 opened 1 year ago by jsha
#35052 opened 1 year ago by graywolf
#34844 opened 1 year ago by denisvolin
#34252 opened 1 year ago by tmthrgd
#33888 opened 1 year ago by kevinburkemeter
#33560 opened 1 year ago by Frozen-Tofu
any plans to implement RID and dirName SANs? (labels: FrozenDueToAge)
#33504 opened 1 year ago by pedromreis
#33310 opened 2 years ago by zelbrium
#32891 opened 2 years ago by tommyknows
#32878 opened 2 years ago by vitaliy-kuzmich
replace MD5 in PEM encryption? (labels: NeedsInvestigation)
#32777 opened 2 years ago by micahhyman1
return informative error if wrong type passed to MarshalPKIXPublicKey (labels: FrozenDueToAge, NeedsFix, help wanted)
#32640 opened 2 years ago by mathieudevos
#32604 opened 2 years ago by FiloSottile
macos 10.14 SIGSEGV in crypto/x509._Cfunc_FetchPEMRoots [1.12 backport] (labels: CherryPickApproved, FrozenDueToAge)
#32282 opened 2 years ago by gopherbot
macos 10.14 SIGSEGV in crypto/x509._Cfunc_FetchPEMRoots [1.11 backport] (labels: CherryPickApproved, FrozenDueToAge)
#32281 opened 2 years ago by gopherbot
#32172 opened 2 years ago by yyq2013
recently updated Xcode command line tools results in error (labels: FrozenDueToAge, NeedsInvestigation, WaitingForInfo)
#31250 opened 2 years ago by gilgameshskytrooper
FetchPEMRoots in CGO crashed with signal SIGSEGV when using http.Client.Do() on https URL (labels: FrozenDueToAge, OS-Darwin)
#30889 opened 2 years ago by marques-work
#30763 opened 2 years ago by leonklingele
root_cgo_darwin omits intermediate CAs with an empty policy settings or an unspecified trust type setting (labels: NeedsFix, OS-Darwin)
#30672 opened 2 years ago by penglei
#30471 opened 2 years ago by vdobler
#30444 opened 2 years ago by bradfitz
offer a useful error when ParsePKCS8PrivateKey/ParseECPrivateKey/ParsePKCS1PrivateKey or ParsePKIXPublicKey/ParsePKCS1PrivateKey are mixed up (labels: FrozenDueToAge, NeedsFix, help wanted)
#30094 opened 2 years ago by FiloSottile
certificates with AKID don't chain to parents without SKID [1.11 backport] (labels: CherryPickApproved, FrozenDueToAge)
#30081 opened 2 years ago by gopherbot
certificates with AKID don't chain to parents without SKID [1.10 backport] (labels: CherryPickApproved, FrozenDueToAge, NeedsFix)
#30080 opened 2 years ago by gopherbot
#30079 opened 2 years ago by FiloSottile
TestSystemRoots failing when keychain contains expired or untrusted certificates (labels: FrozenDueToAge, NeedsFix, OS-Darwin)
#29497 opened 2 years ago by akamensky
#29238 opened 2 years ago by FiloSottile
#29237 opened 2 years ago by FiloSottile
#29233 opened 2 years ago by dmitshur
#29141 opened 2 years ago by ThreeFx
#28743 opened 2 years ago by empijei
#28276 opened 2 years ago by imirkin
#28199 opened 2 years ago by afbjorklund
#28092 opened 2 years ago by akamensky
Go does not load root CA from System keychain on macOS (labels: FrozenDueToAge, NeedsInvestigation, OS-Darwin, Security)
#28025 opened 2 years ago by adamrothman
#27969 opened 2 years ago by alexkohler
if system keychain has a cert with an empty but valid trust settings array, cert should be trusted but Go does not trust it (labels: FrozenDueToAge, NeedsInvestigation, OS-Darwin, Security)
#27958 opened 2 years ago by jhump
#27880 opened 2 years ago by azr
Partial wildcards are not supported (labels: FrozenDueToAge)
#27629 opened 2 years ago by agunnerson-ibm
#27591 opened 2 years ago by int-tt
SystemCertPool documentation is not clear that modifications to the cert pool supplied are isolated from other pools returned by the function (labels: Documentation, FrozenDueToAge, NeedsFix)
#27385 opened 2 years ago by leighmcculloch
#27175 opened 2 years ago by brunetto
#26830 opened 2 years ago by FiloSottile
#26676 opened 2 years ago by FiloSottile
#26614 opened 2 years ago by btoews
create typed versions of ParsePKCS8PrivateKey (labels: FrozenDueToAge, NeedsInvestigation, Proposal, Proposal-Crypto)
#26485 opened 2 years ago by HaraldNordgren
reject UTF-8 names (labels: NeedsFix)
#26362 opened 2 years ago by FiloSottile
#26093 opened 2 years ago by medzin
#26073 opened 2 years ago by rsc
root_cgo_darwin and root_nocgo_darwin omit some system certs [1.9 backport] (labels: CherryPickCandidate, FrozenDueToAge)
#26040 opened 2 years ago by gopherbot
root_cgo_darwin and root_nocgo_darwin omit some system certs [1.11 backport] (labels: CherryPickApproved, FrozenDueToAge)
#26039 opened 2 years ago by gopherbot
#25667 opened 2 years ago by Trane9991
root_cgo_darwin omits certs with number of trust settings 0 erroneously when CGO_ENABLED=1 (labels: FrozenDueToAge, NeedsInvestigation, OS-Darwin)
#25649 opened 2 years ago by dlamotte
#25355 opened 2 years ago by FiloSottile
#25258 opened 2 years ago by gopherbot
#25016 opened 2 years ago by gopherbot
partial wildcards not supported (labels: FrozenDueToAge)
#24888 opened 2 years ago by kmala
#24652 opened 2 years ago by jdhenke
#24590 opened 2 years ago by robstradling
#24561 opened 2 years ago by FiloSottile
#24540 opened 2 years ago by frankgreco
#24437 opened 2 years ago by avinashrd
#24425 opened 2 years ago by avinashrd
#24293 opened 2 years ago by gibma
#24254 opened 2 years ago by mrogers950
FetchPEMRoots in CGO crashed with signal SIGSEGV on go get gopkg.in/sourcemap.v1 on macOS Sierra (10.12.6) (labels: FrozenDueToAge, NeedsInvestigation, OS-Darwin)
#24190 opened 2 years ago by ericreis
VerifyOptions.KeyUsages went from any required to all required in 1.10 (labels: CherryPickApproved, FrozenDueToAge)
#24162 opened 2 years ago by grittygrease
#24084 opened 2 years ago by adamdecaf
#24070 opened 2 years ago by hanikesn
#23995 opened 2 years ago by freman
#23847 opened 2 years ago by conradoplg
#23711 opened 3 years ago by magiconair
Go should be lenient in parsing CRL Distribution Points that do not conform to RFC 5280 4.2.1.13 (labels: FrozenDueToAge, NeedsDecision)
#23403 opened 3 years ago by christopher-henderson
#23282 opened 3 years ago by tsaridas
#23217 opened 3 years ago by mmiranda96
#23032 opened 3 years ago by parazyd
Trailing data in the IssuerAlternativeName extension value does not return an error when parsing certificate. (labels: FrozenDueToAge, NeedsInvestigation)
#23016 opened 3 years ago by szank
#22922 opened 3 years ago by rikatz
#22616 opened 3 years ago by pcarrier
#22261 opened 3 years ago by rsc
intermediates with unknown critical extensions not rejected (labels: CherryPickApproved, FrozenDueToAge, release-blocker)
#22260 opened 3 years ago by rsc
#22256 opened 3 years ago by rsc
#22249 opened 3 years ago by optnfast
#22181 opened 3 years ago by acohn
#22017 opened 3 years ago by Tasssadar
#21858 opened 3 years ago by realmfoo
cannot generate version 1 or 2 certificates (labels: FrozenDueToAge)
#21593 opened 3 years ago by 0x783czar
#21502 opened 3 years ago by vickiniu
Entrust broken cert link no longer valid, please consider removing the workaround (labels: FrozenDueToAge, release-blocker)
#21488 opened 3 years ago by mrmagooey
#21416 opened 3 years ago by martisch
#21405 opened 3 years ago by champtar
#21363 opened 3 years ago by cryslith
#21339 opened 3 years ago by tonyjt
missing MarshalPKCS1PublicKey and ParsePKCS1PublicKey (labels: FrozenDueToAge)
#21029 opened 3 years ago by tmc
root_darwin.go does not include trusted root certificates from System/Login keychains (labels: FrozenDueToAge, OS-Darwin)
#20990 opened 3 years ago by raszi
#20801 opened 3 years ago by dmitshur
#19972 opened 3 years ago by jameshartig
export CertPool’s certificates (labels: FrozenDueToAge)
#19606 opened 3 years ago by stapelberg
honor OS X certificate trust settings possible regression (labels: FrozenDueToAge, NeedsInvestigation, OS-Darwin, WaitingForInfo, help wanted)
#19436 opened 3 years ago by dharmapunk82
ParseCertificate returns a certificate with MaxPathLen of -1 if pathLenConstraint is not set (labels: Documentation, FrozenDueToAge, NeedsDecision)
#19285 opened 3 years ago by cyli
docs for CreateCertificate omit template.AuthorityKeyId yet it is used in code (labels: Documentation, FrozenDueToAge)
#18962 opened 4 years ago by tylrtrmbl
#18899 opened 4 years ago by lwithers
#18813 opened 4 years ago by joegrasse
#18688 opened 4 years ago by cblecker
ParseCertificate ignores all but first value from Subject's []string{} fields (labels: FrozenDueToAge, NeedsInvestigation)
#18654 opened 4 years ago by joemiller
Go 1.8's SystemCertPool() on Windows does not return all Windows root CAs (labels: FrozenDueToAge, NeedsFix, help wanted)
#18609 opened 4 years ago by mkrautz
#18224 opened 4 years ago by YoshikiShibata
#18203 opened 4 years ago by phacker
#18141 opened 4 years ago by quentinmit
#17972 opened 4 years ago by nhooyr
#17732 opened 4 years ago by AxbB36
certificates at /etc/ssl/certs/ ignored on FreeBSD, etc (labels: FrozenDueToAge, NeedsInvestigation, OS-FreeBSD, help wanted)
#16920 opened 4 years ago by buro1983
distributionPointName not compliant with RFC 5280 (labels: FrozenDueToAge)
#16858 opened 4 years ago by zhengping12
#16836 opened 4 years ago by tv42
bad error message (labels: FrozenDueToAge)
#16834 opened 4 years ago by joneskoo
#16800 opened 4 years ago by ramoas
#16763 opened 4 years ago by agl
#16686 opened 4 years ago by jefferai
#16660 opened 4 years ago by ghost
#16603 opened 4 years ago by jefferai
error "x509: certificate signed by unknown authority" on valid SSL chain (labels: FrozenDueToAge, NeedsInvestigation)
#16589 opened 4 years ago by rasky
darwin only loads system.root keychain should also load system keychain (labels: FrozenDueToAge, NeedsFix, OS-Darwin, help wanted, release-blocker)
#16532 opened 4 years ago by jostockley
#16508 opened 4 years ago by bradfitz
0xb01dfacedebac1e crash on Mac OS X 10.8 (labels: FrozenDueToAge)
#16473 opened 4 years ago by bradfitz
#16347 opened 4 years ago by floridoo
#16166 opened 4 years ago by szank
#15958 opened 4 years ago by lwithers
#15749 opened 4 years ago by mckn
#15452 opened 4 years ago by runeaune
Wrong error text when failing to unmarshal key-id (labels: FrozenDueToAge)
#15371 opened 4 years ago by phayes
#15256 opened 4 years ago by huang195
AuthorityKeyId on self-signed certificates (labels: FrozenDueToAge)
#15194 opened 4 years ago by vanbroup
#14955 opened 4 years ago by jsha
invalid implementation of Permitted DNS Names (labels: FrozenDueToAge)
#14833 opened 4 years ago by ayufan
#14776 opened 4 years ago by perillo
#14688 opened 4 years ago by ianlancetaylor
oidSignatureDSAWithSHA256 has incorrect value (labels: FrozenDueToAge)
#14663 opened 4 years ago by AGWA
#14649 opened 4 years ago by voutasaurus
#14514 opened 4 years ago by mwielgoszewski
#14512 opened 4 years ago by wpc
better documentation for ParsePKIXPublicKey (labels: FrozenDueToAge)
#14355 opened 5 years ago by dndx
#14311 opened 5 years ago by raspy
#14129 opened 5 years ago by nurio
#14125 opened 5 years ago by boumenot
#14022 opened 5 years ago by lifeforms
#13931 opened 5 years ago by hujun-open
#13739 opened 5 years ago by nejisama
Panics on some ECDSA keys (labels: FrozenDueToAge)
#13699 opened 5 years ago by hlandau
#13519 opened 5 years ago by rolandshoemaker
add support for marshalling PKCS#8 private keys (labels: FrozenDueToAge)
#13487 opened 5 years ago by AGWA
export systemRootsPool or equivalent (labels: FrozenDueToAge)
#13335 opened 5 years ago by phemmer
#12184 opened 5 years ago by deafgoat
add /etc/ssl/certs to certificate directories (labels: FrozenDueToAge)
#12139 opened 5 years ago by deafgoat
x509 DN ordering (labels: FrozenDueToAge)
#11966 opened 5 years ago by szechyjs
Go uses the wrong type for parsing CSR attributes (labels: FrozenDueToAge)
#11897 opened 5 years ago by agl
cannot build for iOS simulator (labels: FrozenDueToAge)
#11736 opened 5 years ago by crawshaw
#11730 opened 5 years ago by chai2010
division by zero (labels: FrozenDueToAge)
#11233 opened 5 years ago by dvyukov
input not full blocks (labels: FrozenDueToAge)
#11215 opened 5 years ago by dvyukov
test is sometimes very slow (labels: FrozenDueToAge)
#10692 opened 5 years ago by rsc
reading certificates from PKCS12 files (labels: FrozenDueToAge)
#10621 opened 5 years ago by paulmey
ParsePKIXPublicKey ignores tail of ASN.1 encoding (labels: FrozenDueToAge)
#10583 opened 5 years ago by rsc
#10459 opened 5 years ago by nathany
Support MD5 signatures for certificates (labels: FrozenDueToAge)
#10436 opened 5 years ago by gonzojive
#10431 opened 5 years ago by mvanotti
#10421 opened 5 years ago by SunRunAway
#10171 opened 5 years ago by diogomonica
#9964 opened 6 years ago by mvanotti
#9834 opened 6 years ago by agl
matchHostnames doesn't work with absolute domain names (labels: FrozenDueToAge)
#9828 opened 6 years ago by rubyist
missing certificate location on netbsd (labels: FrozenDueToAge)
#9285 opened 6 years ago by 0-wiz-0
#9146 opened 6 years ago by gopherbot
certFiles needs updating for Solaris 11.2+ (labels: FrozenDueToAge)
#9078 opened 6 years ago by gopherbot
typo in CreateCertificateRequest docs (labels: FrozenDueToAge)
#8936 opened 6 years ago by gopherbot
ParsePKCS8PrivateKey does not support loading DSA keys (labels: FrozenDueToAge)
#8919 opened 6 years ago by gopherbot
cert from google fails to parse (labels: FrozenDueToAge)
#8387 opened 6 years ago by gopherbot
failed to load system roots and no roots provided. (labels: FrozenDueToAge)
#8349 opened 6 years ago by gopherbot
#8265 opened 6 years ago by gopherbot
An invalid certificate chain may be returned by "Certificate.Verify(opts VerifyOptions)" (labels: FrozenDueToAge)
#8029 opened 6 years ago by gopherbot
No expected chain matched (labels: FrozenDueToAge)
#7824 opened 6 years ago by peterGo
#7523 opened 6 years ago by rsc
#7516 opened 6 years ago by gopherbot
support DSA keys. (labels: FrozenDueToAge)
#6868 opened 7 years ago by hanwen
#6831 opened 7 years ago by gopherbot
error in documentation for CreateCertificate (labels: FrozenDueToAge)
#6633 opened 7 years ago by jstemmer
#6391 opened 7 years ago by gopherbot
#6267 opened 7 years ago by dsymonds
does not expose URIs in SubjectAltName extension (labels: FrozenDueToAge)
#5752 opened 7 years ago by gopherbot
support CSRs (labels: FrozenDueToAge)
#5303 opened 7 years ago by gopherbot
respect SignatureAlgorithm in CreateCertificate (labels: FrozenDueToAge)
#5302 opened 7 years ago by gopherbot
certificate with signature RMD160 shows wrong error message (labels: FrozenDueToAge, NeedsInvestigation, help wanted)
#5301 opened 7 years ago by gopherbot
confusing error for missing hash function (labels: FrozenDueToAge)
#5058 opened 7 years ago by rsc
Wildcard Certificate Validation Weakness (labels: FrozenDueToAge)
#4658 opened 8 years ago by gopherbot
windows test exe crashes while calling syscall.CertGetCertificateChain during TestSystemVerify (labels: FrozenDueToAge, Unfortunate)
#4165 opened 8 years ago by gopherbot
allow cert bundle path to be set by environment variable (labels: FrozenDueToAge)
#3905 opened 8 years ago by gopherbot
cannot parse Facebook cert (labels: FrozenDueToAge)
#3731 opened 8 years ago by gopherbot
TLS connection problems due to cert verification failure (labels: FrozenDueToAge)
#993 opened 10 years ago by gopherbot
#988 opened 10 years ago by gopherbot