Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
encoding/asn1: correctly rejects @ char in PrintableString in invalid cert #12767
I am currently working on porting an internal https based service that uses client certificates to establish secure connections and am running into problems where the client certificate fails to be parsed by
Quick fix: (asn1.go
But not sure how well this will be accepted. Please advice. Thanks.
The client certificate I was given to use has a
^^ Not sure how in the world that got in there.
It's interesting how other libs and langs handle this ugly issue gracefully. I've tried: curl, objective-c, nodejs, php, and openssl s_client and they all seem to be parsing the the cert without strictly validating the strings. I can easily change the encoding type in the binary blob from
Can you get a valid certificate?
In general we don't want to cater to all possible ways a certificate might be broken. If this kind of thing is endemic in the wild then we might make an exception, but if it's just a one-time mistake, it's not appropriate for the Go standard library to sanction it.
It sounds like you know a workaround (recompile your version of Go).
Unless there is evidence this kind of problem affects many many users, I think we'll stick with spec compatibility.