asn1: syntax error: trailing data #40545
It's worth mentioning the same certificate works using https://github.com/eclipse/paho.mqtt.rust: I can connect to my broker and subscribe/publish without any problem, but it doesn't work in golang. The original certificate is:
since golang tls doesn't like
This is not a bug. The DER structure of the certificate contains an X509v1 certificate and an additional sequence with usage information. You need to verify your certificate generation procedure and ensure that x509v3 certificates are produced that include the usage information or omit the usage information. You can check that with
If those 14 bytes (hl+l=2+12=14) are removed, then the certificate can be parsed. Here is a test program:

I regard the Go behavior as correct even if openssl seems to support this structure. It should not be possible to add information to a certificate that the Certificate Authority has not signed.
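The check described in the comment above, as an added example (it is not the test program from the issue, which is not preserved on this page): it splits a DER input into the certificate element and any bytes that follow it, then shows that Go rejects the input as given and accepts it once trimmed. The helper names `splitCertificate` and `sampleWithTrailer` are hypothetical, and the certificate and its 14-byte trailer are constructed sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// splitCertificate returns the first DER element (the certificate) and the
// bytes that follow it. Anything in rest is outside the CA-signed structure.
func splitCertificate(der []byte) (cert, rest []byte, err error) {
	var raw asn1.RawValue
	rest, err = asn1.Unmarshal(der, &raw)
	return raw.FullBytes, rest, err
}

// sampleWithTrailer builds a throwaway self-signed certificate (constructed
// input) and appends a 14-byte SEQUENCE: 2 header bytes plus 12 content bytes.
func sampleWithTrailer() ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	trailer := append([]byte{0x30, 0x0c}, make([]byte, 12)...)
	return append(der, trailer...), nil
}

func main() {
	der, err := sampleWithTrailer()
	if err != nil {
		panic(err)
	}
	cert, rest, _ := splitCertificate(der)
	_, asGiven := x509.ParseCertificate(der)
	_, trimmed := x509.ParseCertificate(cert)
	fmt.Printf("trailing bytes: %d\nas given: %v\ntrimmed: %v\n", len(rest), asGiven, trimmed)
}
```

Running `splitCertificate` over a decoded PEM block before loading it is a quick way to confirm whether a certificate carries bytes outside the signed structure.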
@ulikunitz thanks for your great info. I'll check how to generate a valid certificate which can be parsed correctly by Go.
What version of Go are you using (go version)?
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (go env)?
What did you do?
use paho.mqtt.golang's example code for tls and add my own root-ca, client-cert, client-key etc
https://github.com/eclipse/paho.mqtt.golang/blob/master/cmd/ssl/main.go
it gives an error on this certificate
What did you expect to see?
It works
What did you see instead?
It doesn't work