crypto/x509: ParseCertificate duplicate extensions errors should include OID of the affected extension #66880
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Comments
Techassi
changed the title
|
cc @FiloSottile @rolandshoemaker @golang/security |
cherrymui
added
the
NeedsInvestigation
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I recently ran into the issue that generated X.509 certificates very rejected by Go due to containing duplicate extensions. The exact extension was not reported in the error message, which made the debugging process rather complicated - it required manual changes in the standard library. The current error message reads:
x509: certificate contains duplicate extensions.Therefore, I would like to propose to change the error message to include the detected duplicate OID. The error message could then look like:
x509: certificate contains duplicate extension {oid}. Feel free to suggest a different error message format.I'm also happy to contribute the required changes in a separate PR if it is decided to move forward.
References
The text was updated successfully, but these errors were encountered: