Comment 1 by raul.san@sent.com:

Related to: https://groups.google.com/forum/?fromgroups=#!topic/golang-nuts/0zFsLU3ASdE

Comment 2:

Can you please provide a test RMD160 signed cert and some sample code we can use for a
test case.

Status changed to WaitingForReply.

Comment 3 by raul.san@sent.com:

The package x509 does not support RMD160 for the signature algorithm.
http://golang.org/pkg/crypto/x509/#SignatureAlgorithm
However, somebody can to use OpenSSL to create a certificate with that signature and try
to use it in Go; then you'll see the failure.

Comment 4:

Right, so if you can please provide a RD160 cert, then we can use that to create a test
fixture.

Comment 6:

ping.

Comment 7 by raul.san@sent.com:

pong! I had forgot about it. I'll try to create it today or tomorrow.

Comment 8 by raul.san@sent.com:

In the attachment, there are a stuff related to certificate built with SHA1 digest and
another one with RPM160.
To run the test:
$ go run x509.go -rpmd
client: dial: x509: certificate signed by unknown authority
$ go run x509.go -sha1
November Rain
result: true
* * *
Like you can check, when it is used the certificate with signature algorithm RMD160, it
shows the error: 
x509: certificate signed by unknown authority

Attachments:

1. cert.tgz (5699 bytes)

Comment 9:

Labels changed: added priority-later, go1.2maybe, removed priority-triage.

Status changed to Accepted.

Comment 10:

Labels changed: added feature.

Comment 11:

Not for 1.2.

Labels changed: removed go1.2maybe.

Comment 12:

Labels changed: added go1.3maybe.

Comment 13:

Labels changed: removed feature.

Comment 14:

Labels changed: added release-none, removed go1.3maybe.

Comment 15:

Labels changed: added repo-main.

Comment 16 by dskloet:

I'm getting this error when trying to fetch https://api.bitfinex.com/v1/ticker/btcusd
How can I tell if it's the same problem and if it is, is there a work around?

Anybody: does this still happen? Repro?

@bradfitz yes, it is still gives the same error

$ go run x509.go -rpmd
client: dial: x509: certificate signed by unknown authority (possibly because of "x509: cannot verify signature: algorithm unimplemented" while trying to verify candidate authority certificate "Foo Certification Authority - RMD160")
exit status 1

However this bug is a duplicate of #7735 opened by @agl (a year after that one), however @agl's bug and title are focused on fixing the actual problem which is an improved error message when the hash is not supported/wasn't compiled in.

I untar'd raul.san@sent.com's repro in #5301 (comment) and uploaded it to my Github issues tracker https://github.com/odeke-em/bugs/tree/master/golang/5301, if anyone wants to run it.

Okay, I'll close this one then and we can use #7735 instead. Thanks.

Change https://golang.org/cl/42143 mentions this issue: crypto/x509: hint that algo was not compiled in