Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
proposal: crypto/tls: Authority Information Access support #31773
I am using Go to proxy image requests from an email client (to mask the IP addresses of our users), but there are some images that load in Gmail, but fail to load in our email client.
Investigating this, it seems likely that the problem is that go does not support the "Authority Information Access" extension, which allows a certificate like the one below (in use by AT&T) to validate even though the server does not pass back the entire certificate chain.
I have verified that the intermediate does not appear in my Trust Store and that the image can be loaded in Chrome, Firefox and Safari. I can also see that the image does not load using curl (issue), or using the go standard library.
I would like to propose that go's tls stack support AIA. In particular the subset of AIA that enables loading id-ad-caIssuers over HTTP as defined in https://tools.ietf.org/html/rfc5280#section-18.104.22.168.
It could either be enabled by default, which would allow