crypto/x509: enable strict domain name validation during creation and parsing

[rolandshoemaker]

In https://go.dev/cl/709854 for CVE-2025-58187 we enabled strict validation of domain names in SANs and constraints. This broke a number of users as we previously allowed creation of certificates that contained these malformed domain names (see #75828 for further details), even if they would've failed verification when we got to constraint checking (if a chain contained any constraints).

We should re-enable this strict validation, but we should flag it with a GODEBUG, and we should additionally enforce it in CreateCertificate (et al).

[gopherbot]

Change https://go.dev/cl/710735 mentions this issue: crypto/x509: rework fix for CVE-2025-58187

[gabyhelp]

Related Issues

• crypto/x509: Certificate parsing/verification supports non-compliant dNSName constraints #37535 (closed)
• proposal: crypto/x509: flag for more lax certificate parsing #70324 (closed)

Related Code Changes

• [release-branch.go1.25] crypto/x509: improve domain name verification
• crypto/x509: rework fix for CVE-2025-58187
• crypto/x509: improve domain name verification
• [release-branch.go1.24] crypto/x509: improve domain name verification

_{(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)}

[gopherbot]

Change https://go.dev/cl/710677 mentions this issue: [release-branch.go1.25] crypto/x509: rework fix for CVE-2025-58187

[gopherbot]

Change https://go.dev/cl/710879 mentions this issue: [release-branch.go1.24] crypto/x509: rework fix for CVE-2025-58187