Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/x509: Incorrect TBSCertificateList.Issuer field when using non-pkix.Name-encodable Issuer [1.18 backport] #53943

Closed
sgmiller opened this issue Jul 18, 2022 · 3 comments
Closed

crypto/x509: Incorrect TBSCertificateList.Issuer field when using non-pkix.Name-encodable Issuer [1.18 backport] #53943

sgmiller opened this issue Jul 18, 2022 · 3 comments
Labels
CherryPickCandidate Used during the release process for point releases FrozenDueToAge
Milestone
Go1.18.6

Comments

@sgmiller
Copy link

Issue to track potentially backporting an eventual CL for #53754
@gopherbot gopherbot added this to the Go1.18.5 milestone Jul 18, 2022
@toothrot
Copy link
Contributor

Please consider adding rationale as per https://go.dev/wiki/MinorReleases.

@toothrot toothrot added the CherryPickCandidate Used during the release process for point releases label Jul 19, 2022
@sgmiller
Copy link
Author

Rationale for backporting is that this can allow CSRs to be generated which are not valid (mismatching subject) which has security implications to the revocation process. There is also no work-around, meaning no way to write a Go program that works with these certificates within a revocation list.

@gopherbot gopherbot modified the milestones: Go1.18.5, Go1.18.6 Aug 1, 2022
@dmitshur dmitshur changed the title crypto/x509: Incorrect TBSCertificateList.Issuer field when using non-pkix.Name-encodable Issueraffected/package [1.18 backport] crypto/x509: Incorrect TBSCertificateList.Issuer field when using non-pkix.Name-encodable Issuer [1.18 backport] Aug 3, 2022
@heschi
Copy link
Contributor

heschi commented Aug 31, 2022

I'm going to close these backport issues for now; there's no point in us reviewing them until the original issue is fixed. Please ping them when that's done.

@heschi heschi closed this as completed Aug 31, 2022
@golang golang locked and limited conversation to collaborators Aug 31, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
CherryPickCandidate Used during the release process for point releases FrozenDueToAge
Projects
None yet
Milestone
Go1.18.6
Development

No branches or pull requests
4 participants
@toothrot @sgmiller @gopherbot @heschi