crypto/x509: Incorrect TBSCertificateList.Issuer field when using non-pkix.Name-encodable Issuer [1.19 backport] #53944

sgmiller · 2022-07-18T21:12:01Z

Issue to track potentially backporting an eventual CL for #53754

toothrot · 2022-07-19T20:05:53Z

Please consider adding rationale as per https://go.dev/wiki/MinorReleases.

sgmiller · 2022-07-19T20:10:44Z

Rationale for backporting is that this can allow CSRs to be generated which are not valid (mismatching subject) which has security implications to the revocation process. There is also no work-around, meaning no way to write a Go program that works with these certificates within a revocation list.

toothrot added the CherryPickCandidate Used during the release process for point releases label Jul 19, 2022

toothrot added this to the Go1.19 milestone Jul 19, 2022

dmitshur modified the milestones: Go1.19, Go1.19.1 Aug 2, 2022

dmitshur changed the title ~~crypto/x509: Incorrect TBSCertificateList.Issuer field when using non-pkix.Name-encodable Issueraffected/package [1.19 backport]~~ crypto/x509: Incorrect TBSCertificateList.Issuer field when using non-pkix.Name-encodable Issuer [1.19 backport] Aug 3, 2022

crypto/x509: Incorrect TBSCertificateList.Issuer field when using non-pkix.Name-encodable Issuer [1.19 backport] #53944

crypto/x509: Incorrect TBSCertificateList.Issuer field when using non-pkix.Name-encodable Issuer [1.19 backport] #53944

sgmiller commented Jul 18, 2022

toothrot commented Jul 19, 2022

sgmiller commented Jul 19, 2022

crypto/x509: Incorrect TBSCertificateList.Issuer field when using non-pkix.Name-encodable Issuer [1.19 backport] #53944

crypto/x509: Incorrect TBSCertificateList.Issuer field when using non-pkix.Name-encodable Issuer [1.19 backport] #53944

Comments

sgmiller commented Jul 18, 2022

toothrot commented Jul 19, 2022

sgmiller commented Jul 19, 2022