Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: certificate with signature RMD160 shows wrong error message #5301

Closed
gopherbot opened this issue Apr 17, 2013 · 19 comments
Closed

crypto/x509: certificate with signature RMD160 shows wrong error message #5301

gopherbot opened this issue Apr 17, 2013 · 19 comments

Comments

@gopherbot
Copy link

@gopherbot gopherbot commented Apr 17, 2013

by raul.san@sent.com:

When it's used a certificate with signature algorithm RMD160 (created with OpenSSL), the
error message is:

x509: certificate signed by unknown authority

It should show a error message according to the real problem.
@gopherbot
Copy link
Author

@gopherbot gopherbot commented Apr 17, 2013

Comment 1 by raul.san@sent.com:

Related to: https://groups.google.com/forum/?fromgroups=#!topic/golang-nuts/0zFsLU3ASdE
@davecheney
Copy link
Contributor

@davecheney davecheney commented Jun 1, 2013

Comment 2:

Can you please provide a test RMD160 signed cert and some sample code we can use for a
test case.

Status changed to WaitingForReply.

@gopherbot
Copy link
Author

@gopherbot gopherbot commented Jun 1, 2013

Comment 3 by raul.san@sent.com:

The package x509 does not support RMD160 for the signature algorithm.
http://golang.org/pkg/crypto/x509/#SignatureAlgorithm
However, somebody can to use OpenSSL to create a certificate with that signature and try
to use it in Go; then you'll see the failure.
@davecheney
Copy link
Contributor

@davecheney davecheney commented Jun 1, 2013

Comment 4:

Right, so if you can please provide a RD160 cert, then we can use that to create a test
fixture.
@davecheney
Copy link
Contributor

@davecheney davecheney commented Jun 15, 2013

Comment 6:

ping.
@gopherbot
Copy link
Author

@gopherbot gopherbot commented Jun 15, 2013

Comment 7 by raul.san@sent.com:

pong! I had forgot about it. I'll try to create it today or tomorrow.
@gopherbot
Copy link
Author

@gopherbot gopherbot commented Jun 17, 2013

Comment 8 by raul.san@sent.com:

In the attachment, there are a stuff related to certificate built with SHA1 digest and
another one with RPM160.
To run the test:
$ go run x509.go -rpmd
client: dial: x509: certificate signed by unknown authority
$ go run x509.go -sha1
November Rain
result: true
* * *
Like you can check, when it is used the certificate with signature algorithm RMD160, it
shows the error: 
x509: certificate signed by unknown authority

Attachments:

  1. cert.tgz (5699 bytes)
@rsc
Copy link
Contributor

@rsc rsc commented Jul 30, 2013

Comment 9:

Labels changed: added priority-later, go1.2maybe, removed priority-triage.

Status changed to Accepted.

@rsc
Copy link
Contributor

@rsc rsc commented Jul 30, 2013

Comment 10:

Labels changed: added feature.

@robpike
Copy link
Contributor

@robpike robpike commented Aug 30, 2013

Comment 11:

Not for 1.2.

Labels changed: removed go1.2maybe.

@rsc
Copy link
Contributor

@rsc rsc commented Nov 27, 2013

Comment 12:

Labels changed: added go1.3maybe.

@rsc
Copy link
Contributor

@rsc rsc commented Nov 27, 2013

Comment 13:

Labels changed: removed feature.

@rsc
Copy link
Contributor

@rsc rsc commented Dec 4, 2013

Comment 14:

Labels changed: added release-none, removed go1.3maybe.

@rsc
Copy link
Contributor

@rsc rsc commented Dec 4, 2013

Comment 15:

Labels changed: added repo-main.

@gopherbot
Copy link
Author

@gopherbot gopherbot commented Jan 3, 2014

Comment 16 by dskloet:

I'm getting this error when trying to fetch https://api.bitfinex.com/v1/ticker/btcusd
How can I tell if it's the same problem and if it is, is there a work around?
@rsc rsc added this to the Unplanned milestone Apr 10, 2015
@bradfitz bradfitz modified the milestones: Go1.9Maybe, Unplanned Feb 1, 2017
@bradfitz
Copy link
Contributor

@bradfitz bradfitz commented Feb 1, 2017

Anybody: does this still happen? Repro?

@odeke-em
Copy link
Member

@odeke-em odeke-em commented Mar 21, 2017

@bradfitz yes, it is still gives the same error

$ go run x509.go -rpmd
client: dial: x509: certificate signed by unknown authority (possibly because of "x509: cannot verify signature: algorithm unimplemented" while trying to verify candidate authority certificate "Foo Certification Authority - RMD160")
exit status 1

However this bug is a duplicate of #7735 opened by @agl (a year after that one), however @agl's bug and title are focused on fixing the actual problem which is an improved error message when the hash is not supported/wasn't compiled in.

I untar'd raul.san@sent.com's repro in #5301 (comment) and uploaded it to my Github issues tracker https://github.com/odeke-em/bugs/tree/master/golang/5301, if anyone wants to run it.

@bradfitz
Copy link
Contributor

@bradfitz bradfitz commented Mar 21, 2017

Okay, I'll close this one then and we can use #7735 instead. Thanks.

@gopherbot
Copy link
Author

@gopherbot gopherbot commented Oct 13, 2017

Change https://golang.org/cl/42143 mentions this issue: crypto/x509: hint that algo was not compiled in

@golang golang locked and limited conversation to collaborators Oct 13, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants
You can’t perform that action at this time.