Add server certificates and private keys for various test cases #61
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: taniwa <taniwa@lycorp.co.jp>
Signed-off-by: taniwa <taniwa@lycorp.co.jp>
There was a problem hiding this comment.
Pull Request Overview
This PR adds test coverage for certificates with malformed Subject Alternative Names (SANs) to ensure backward compatibility with Go 1.25.2's stricter X.509 certificate validation. The Go version is updated from 1.25.1 to 1.25.3.
Key Changes:
- Updated Go version from 1.25.1 to 1.25.3
- Added test certificates and private keys with various SAN formatting issues
- Added test cases to verify these certificates load successfully
Reviewed Changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| go.mod | Updated Go version to 1.25.3 |
| test/data/trailing_dot_server.key | Private key for certificate with trailing dot in SAN |
| test/data/trailing_dot_server.crt | Certificate with trailing dot in SAN (e.g., example.com.) |
| test/data/malformed_email_server.key | Private key for certificate with malformed email in SAN |
| test/data/malformed_email_server.crt | Certificate with improperly formatted email address in SAN |
| test/data/long_label_server.key | Private key for certificate with DNS label exceeding 63 characters |
| test/data/long_label_server.crt | Certificate with DNS label exceeding 63 characters |
| test/data/leading_dot_server.key | Private key for certificate with leading dot in SAN |
| test/data/leading_dot_server.crt | Certificate with leading dot in SAN (e.g., .example.com) |
| test/data/empty_label_server.key | Private key for certificate with empty label in SAN |
| test/data/empty_label_server.crt | Certificate with empty label in SAN (e.g., example..com) |
| service/tls_test.go | Added test cases for malformed SAN certificates and fixed error handling logic |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
fsul7o
approved these changes
Oct 21, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
In Go 1.25.2, the verification of X.509 certificate SANs (Subject Alternative Names) has been made stricter.
Certificates like the following are now treated as invalid:
example.com..example.comorexample..comA unit test was added to maintain backward compatibility.
Type of change
Flags
Related issue/PR
Delete this section if there are no issues or pull requests that relate to this pull request.
Checklist
[skip ci]/[ci skip]/[no ci]/[skip actions]/[actions skip]in the PR title if necessaryChecklist for maintainer
Squash and merge[skip ci]/[ci skip]/[no ci]/[skip actions]/[actions skip]