Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
crypto/x509: AuthorityKeyId on self-signed certificates #15194
The crypto/x509 package is setting the AuthorityKeyId by default for all certificates including CA certificates. While this is not wrong according to RFC5280 section 184.108.40.206, it states that setting the authorityKeyIdentifier is optional for self-signed certificates.
I would like to remove the AuthorityKeyId from self-signed certificates to save about 20+ bytes in these certificates which is useful in constraint environments.
To adopt this change a small change to the following condition is required:
I'm happy to submit this change if agreed that this is an improvement to Go.