The library allows empty DirectoryString (e.g., " ") in Distinguished name structures of Issuer and Subject name. (RFC 5280 non-compliant)
You should not allow 0 (zero) as certificate serial number. RFC 5280 says, "The serial number MUST be a positive integer assigned by the CA to each certificate...CAs MUST force the serialNumber to be a non-negative integer...Non-conforming CAs may issue certificates with serial numbers that are negative or zero. Certificate users SHOULD be prepared to gracefully handle such certificates."
Crypto allows presence of (version 3) extensions even if the certificate version is 1 or 2.
What did you see happen?
All certificates were accepted
What did you expect to see?
The library should reject such noncompliant certificates
seankhliao changed the title from "import/path: Reporting Bugs in Certificate Chain Validation" to "crypto/x509: certificate validation issues" on Apr 24, 2024.
seankhliao added and removed the WaitingForInfo label (Issue is not actionable because of missing required information, which needs to be provided.) on May 11, 2024.
Go version
Go-Crypto v1.21rc2
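The three conditions reported in this issue can be expressed as checks on the fields of an `*x509.Certificate`. The following is an added example, not code from the issue or from crypto/x509; `LintRFC5280` and `sample` are hypothetical names, the certificate is constructed in memory rather than parsed from DER, and whitespace-only attribute values are treated as empty, following the report's `" "` example.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
)

// LintRFC5280 (hypothetical helper, not part of crypto/x509) returns one
// finding per reported condition that the given certificate exhibits.
func LintRFC5280(cert *x509.Certificate) []string {
	var out []string
	// RFC 5280 section 4.1.2.2: the serial number must be a positive integer.
	if cert.SerialNumber == nil || cert.SerialNumber.Sign() <= 0 {
		out = append(out, "serial number is not positive")
	}
	if cert.Version < 3 && len(cert.Extensions) > 0 { // extensions are v3-only
		out = append(out, fmt.Sprintf("v%d certificate carries extensions", cert.Version))
	}
	check := func(label string, name pkix.Name) {
		for _, atv := range name.Names {
			// Assumption: whitespace-only counts as empty, as in the report.
			if s, ok := atv.Value.(string); ok && strings.TrimSpace(s) == "" {
				out = append(out, fmt.Sprintf("%s attribute %s is empty", label, atv.Type))
			}
		}
	}
	check("issuer", cert.Issuer)
	check("subject", cert.Subject)
	return out
}

// sample builds a constructed in-memory certificate (no DER parsing involved)
// whose issuer and subject hold a single commonName attribute (OID 2.5.4.3).
func sample(version int, serial int64, cn string) *x509.Certificate {
	name := pkix.Name{Names: []pkix.AttributeTypeAndValue{{Type: []int{2, 5, 4, 3}, Value: cn}}}
	return &x509.Certificate{
		Version: version, SerialNumber: big.NewInt(serial),
		Issuer: name, Subject: name,
		Extensions: []pkix.Extension{{Id: []int{2, 5, 29, 19}}}, // basicConstraints OID
	}
}

func main() {
	for _, f := range LintRFC5280(sample(1, 0, " ")) {
		fmt.Println("noncompliant:", f)
	}
}
```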