crypto/x509: Trailing data in the IssuerAlternativeName extension value does not return an error when parsing certificate. #23016
Labels: FrozenDueToAge, NeedsInvestigation
Please answer these questions before submitting your issue. Thanks!
What version of Go are you using (go version)?
go version go1.9.2 darwin/amd64
Does this issue reproduce with the latest release?
yes
What operating system and processor architecture are you using (go env)?
osx
What did you do?
I was investigating some test certificates, and noticed this one:
This looks strange, as the issuer alternative name looks malformed.
Here is the asn.1 decoder link:
The issuer alt name AttributeTypeAndValue value contains two concatenated ASN.1 structs.
One is an empty sequence (0x30,0x00), followed by an empty primitive value (context-specific tag) (0x82,0x00).
Here is the openssl asn1parse dump (relevant part):
Shouldn't it return an error? OpenSSL doesn't complain, but it is very permissive anyway. Go is much more strict, so I thought you guys might want to guard against this kind of encoding error.
If possible, provide a recipe for reproducing the error.
A complete runnable program is good.
A link on play.golang.org is best.
https://play.golang.org/p/SCivmG9m88
What did you expect to see?
error
What did you see instead?
no errors
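An added example, not part of the original issue and not Go's crypto/x509 code: one way to reject the encoding described above, by requiring that the issuerAltName extension value (OID 2.5.29.18) is exactly one DER SEQUENCE with nothing after it. The helper names and the sample byte strings are constructed for illustration.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
)

// id-ce-issuerAltName, RFC 5280 section 4.2.1.7.
var oidIssuerAltName = asn1.ObjectIdentifier{2, 5, 29, 18}

// checkGeneralNames (hypothetical helper) verifies that an extension value is
// exactly one DER SEQUENCE (GeneralNames) with no bytes left over after it.
func checkGeneralNames(value []byte) error {
	var seq asn1.RawValue
	rest, err := asn1.Unmarshal(value, &seq)
	if err != nil {
		return fmt.Errorf("issuerAltName: %w", err)
	}
	if len(rest) != 0 {
		return fmt.Errorf("issuerAltName: %d bytes of trailing data", len(rest))
	}
	if seq.Class != asn1.ClassUniversal || seq.Tag != asn1.TagSequence || !seq.IsCompound {
		return errors.New("issuerAltName: value is not a SEQUENCE")
	}
	return nil
}

// checkIssuerAltName (hypothetical helper) validates the issuerAltName found
// in a list of parsed extensions, such as x509.Certificate.Extensions.
func checkIssuerAltName(exts []pkix.Extension) error {
	for _, e := range exts {
		if e.Id.Equal(oidIssuerAltName) {
			return checkGeneralNames(e.Value)
		}
	}
	return nil // extension absent: nothing to check
}

// sampleExts wraps a constructed value in an issuerAltName extension.
func sampleExts(value []byte) []pkix.Extension {
	return []pkix.Extension{{Id: oidIssuerAltName, Value: value}}
}

func main() {
	// Constructed samples: the bytes from the issue, then a well-formed value.
	fmt.Println(checkIssuerAltName(sampleExts([]byte{0x30, 0x00, 0x82, 0x00})))
	fmt.Println(checkIssuerAltName(sampleExts([]byte{0x30, 0x03, 0x82, 0x01, 'a'})))
}
```

To check a real certificate, pass the `Extensions` field of the `*x509.Certificate` returned by `x509.ParseCertificate` to `checkIssuerAltName`.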