crypto/x509: Certificates with an Email ... failed parsing cause of @ versus ASN1 + InsecureSkipVerify never check #52964
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes, it's the latest
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
I want test my code with postman proxy feature for capture the requests for debugging calls
set postman proxy enable
set env:
Use this code: https://go.dev/play/p/-ZSKEDqWyL8
You will get an output like this:
What did you expect to see?
This certificate is valid for many tools (check below), so the parsing of this certificate must be ok.
"Or" InsecureSkipVerify maybe bypass the handshake ???
With the current implementation I have no way to bypass this check.
What did you see instead?
Certificate not parsed, cause an email with an "@" is not parsed.
Failure in this method:
go/src/crypto/x509/parser.go
Lines 30 to 51 in 5f2fdbe
Which not accept "@"
When I see the comments, I think we can add a block for
'@'
Additionals informations
The certificate:
postman-proxy-ca.original.crt.zip
The detail of this certificate
the openssl asn1parse result of this cert
we can see the mail didn't cause any problem
I dont know why this problem is not for all certificate, all CA are without email ???? or mayby i'm doing something wrong :)
At least If someone have a way to bypass this check ?
The text was updated successfully, but these errors were encountered: