Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/x509: code signing certificates fail to verify in macOS Ventura and later #63995

Closed
sinukus opened this issue Nov 7, 2023 · 3 comments
Closed

crypto/x509: code signing certificates fail to verify in macOS Ventura and later #63995

sinukus opened this issue Nov 7, 2023 · 3 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. OS-Darwin WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Milestone
Backlog

Comments

@sinukus
Copy link

sinukus commented Nov 7, 2023

What version of Go are you using (go version)?

 go1.22 (darwin/arm64)

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
macOS Ventura 13.6.1, M1 Max

What did you do?

When trying to validate a code signing certificate chain with a public certificate authority. The OS responds with "certificate is not standards compliant" on Ventura or later. Earlier versions of mac OS do not fail.

This is due to go assuming all certificates are SSL certificate, and use a SSL policy when validating the chain

What did you expect to see?

I expected the chain to validate with signature is valid, signing date: ..etc

What did you see instead?

"certificate is not standards compliant"
@mauri870 mauri870 added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Nov 8, 2023
@mauri870
Copy link
Member

mauri870 commented Nov 8, 2023

If possible could you share a minimal code that reproduces the issue? Thanks

@mauri870 mauri870 added the WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. label Nov 8, 2023
@mauri870 mauri870 changed the title macOS Ventura and later/ X509 code signing certificates fail to verify crypto/x509: code signing certificates fail to verify in macOS Ventura and later Nov 8, 2023
@gopherbot
Copy link

Change https://go.dev/cl/540695 mentions this issue: X509: fix codesigning on macOS Ventura

@bcmills bcmills added this to the Backlog milestone Nov 8, 2023
@gopherbot
Copy link

Timed out in state WaitingForInfo. Closing.

(I am just a bot, though. Please speak up if this is a mistake or you have the requested information.)

@gopherbot gopherbot closed this as not planned Won't fix, can't repro, duplicate, stale Dec 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. OS-Darwin WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
4 participants
@sinukus @bcmills @gopherbot @mauri870