New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/x509: unable to parse certificate parsable by Java #33259
Comments
How was the certificate generated? |
@Freeaqingme This is a certificate generated from third-party sdk and the generate code is closed source. I think this post will help: https://groups.google.com/forum/#!topic/golang-nuts/SCzlQPNfURk Should crypto/x509 be lenient in parsing ? |
Looking at that other thread, in the golang-nuts
The relevant code here is x509.ParseCertificate If e.Value is a single byte, of value 0 as described, then attempt to Unmarshal would fail when it calls into parseTagAndLength It appears that some leniency was added when iterating the array of distributionPoint per line 1504 of x509.go checking name. Perhaps some upfront checks on this field, and possibly others, for "empty value" type conditions could be added for leniency. Alternatively, giving clarity on the "truncated tag or length" for this specific condition in x509.go |
I don't think it makes sense to add an exception here, the provided certificate is very badly encoded. I'm actually quite surprised Java will happily parse it. The |
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
I have a pem which can parsed correctly in java, such as code below:
But in Golang, the code below will return err:
What did you expect to see?
I think x509 implement would be the same and golang code could parse certificate correctly.
What did you see instead?
golang output is:
panic: failed to parse certificate: asn1: syntax error: truncated tag or length
The text was updated successfully, but these errors were encountered: