Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: Incorrect TBSCertificateList.Issuer field when using non-pkix.Name-encodable Issuer [1.19 backport] #53944

Open
sgmiller opened this issue Jul 18, 2022 · 2 comments
Labels
CherryPickCandidate
Milestone

Comments

@sgmiller
Copy link

@sgmiller sgmiller commented Jul 18, 2022

Issue to track potentially backporting an eventual CL for #53754

@toothrot
Copy link
Contributor

@toothrot toothrot commented Jul 19, 2022

Please consider adding rationale as per https://go.dev/wiki/MinorReleases.

@toothrot toothrot added the CherryPickCandidate label Jul 19, 2022
@toothrot toothrot added this to the Go1.19 milestone Jul 19, 2022
@sgmiller
Copy link
Author

@sgmiller sgmiller commented Jul 19, 2022

Rationale for backporting is that this can allow CSRs to be generated which are not valid (mismatching subject) which has security implications to the revocation process. There is also no work-around, meaning no way to write a Go program that works with these certificates within a revocation list.

@dmitshur dmitshur modified the milestones: Go1.19, Go1.19.1 Aug 2, 2022
@dmitshur dmitshur changed the title crypto/x509: Incorrect TBSCertificateList.Issuer field when using non-pkix.Name-encodable Issueraffected/package [1.19 backport] crypto/x509: Incorrect TBSCertificateList.Issuer field when using non-pkix.Name-encodable Issuer [1.19 backport] Aug 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
CherryPickCandidate
Projects
None yet
Development

No branches or pull requests

3 participants