crypto/x509: RSA certs with PSS signatures cannot be verified #15958
Attempting to verify an RSA certificate which has been signed using PSS will fail with an error
This can be observed with this (self-signed) certificate, which can be validated with e.g.
There is also a simple demonstration program at https://play.golang.org/p/bO_qiPmi9k
I have tried this with both:
on this machine:
I don't believe that any of the big-name certificate authorities are currently issuing RSA-PSS certificates, so they are likely to be quite uncommon in the wild.
However, there are some applications that use them. The certificate I attached is part of a list curated and published by the ICAO (International Civil Aviation Organisation) in what it calls the PKD (public key directory; see http://www.icao.int/security/mrtd/pages/ICAOPKD.aspx). These are basically the certificates used to verify the signatures in ePassports.
Thank you very much for the test set. I've updated the CL with the following changes:
With that, all the test certificates validate.
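
An added example, not part of the issue thread or the Go project's own code: a small Go program that builds a throwaway self-signed RSA certificate with an RSA-PSS signature and checks that signature through crypto/x509, the operation the report says fails. It assumes a Go release whose crypto/x509 exports `x509.SHA256WithRSAPSS`; the helper names `selfSigned` and `checkSelfSignature` and the certificate contents are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSigned returns the DER of a constructed self-signed certificate
// (not the ICAO certificate from the report) signed with alg.
func selfSigned(alg x509.SignatureAlgorithm) ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:       big.NewInt(1),
		Subject:            pkix.Name{CommonName: "pss-example (constructed)"},
		NotBefore:          time.Now().Add(-time.Hour),
		NotAfter:           time.Now().Add(time.Hour),
		SignatureAlgorithm: alg,
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// checkSelfSignature parses der and verifies the signature over the
// TBSCertificate with the certificate's own public key.
func checkSelfSignature(der []byte) (x509.SignatureAlgorithm, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return x509.UnknownSignatureAlgorithm, err
	}
	err = cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature)
	return cert.SignatureAlgorithm, err
}

func main() {
	der, err := selfSigned(x509.SHA256WithRSAPSS)
	if err != nil {
		panic(err)
	}
	alg, err := checkSelfSignature(der)
	fmt.Println(alg, err)
}
```

`CheckSignature` is used instead of `CheckSignatureFrom` so that only the signature is tested, without the CA and key-usage constraints that chain building applies.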