Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
crypto/x509: SKID generation is over full spki, rather than just the subjectPublicKey #39429
https://go-review.googlesource.com/c/go/+/227098 introduced automatic SKID generation when one isn't provided using method (1) from RFC 5280 Section 18.104.22.168. The hash provided is over the full SPKI structure, rather than just the subjectPublicKey BIT STRING as defined, which makes it out of line with certain other implementations that assume this is how the SKID is generated.
This is unlikely to break anything major, but if the goal is to use the RFC 5280 method as defined it would make sense to stick to that construction.