crypto/x509: Verify allows serialNumber larger than 20 octets

[dulanshuangqiao]

Go version

go version go1.23.2 linux/amd64

Output of go env in your module/workspace:

GO111MODULE=''
GOARCH='amd64'
GOBIN=''
GOCACHE='/home/liu/.cache/go-build'
GOENV='/home/liu/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/home/liu/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/home/liu/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/snap/go/10730'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/snap/go/10730/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.23.2'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/home/liu/.config/go/telemetry'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/dev/null'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build578094757=/tmp/go-build -gno-record-gcc-switches'

What did you do?

Perform certificate verification
go run go_verify.go
The execution result is passed verification
Certificate is valid!
I provide the test case used：certs&program.zip

What did you see happen?

RFC5280 states: Conforming CAs MUST NOT use serialNumber values longer than 20 octets.
GnuTLS performs this check during validation and refuses to accept such certificates.

certtool --verify --load-ca-certificate RootCA.pem --infile Cert174065870010.pem：
Loaded CAs (1 available)
|<2>| error: serial number value is longer than 20 octets
error parsing CRTs: Error in the certificate.
Setting log level to 10

What did you expect to see?

Validation failed

[mateusz834]

See CL 589615.

CC @rolandshoemaker

[dulanshuangqiao]

See CL 589615.

CC @rolandshoemaker

The GnuTLS results I provide as a comparison are based on gnutls-3.8.9 (2025-02-08)

[gabyhelp]

Related Issues

• crypto/x509: should error if non-CA certificate contains name constraints #71795
• crypto/x509: CreateCertificate creates invalid serial number field #33310 (closed)
• crypto/x509: invalid certificate policies #65990 (closed)
• crypto/x509: Verify should reject certificates with empty issuers #71832
• crypto/x509: malformed signature algorithm identifier error while version and serialNumber swapped #70269
• crypto/x509: verify checks root certificate #28971
• crypto/x509: ParseCertificate fails with "net/url: invalid userinfo" #69930 (closed)
• crypto/x509: wrong result checking signature of CSR with unordered multi-value RDN #49519

Related Code Changes

• crypto/x509: reject serial numbers longer than 20 octets
• crypto/x509: don't allow too long serials

_{(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)}

[JunyangShao]

@golang/security

[rolandshoemaker]

There is unfortunately not really anything we can do here. We tried restricting serials to 20 octets, and the public PKI works fine, but far far too many private PKIs get this horribly wrong and the breakage we saw was not worth enforcing this constraint.

[dulanshuangqiao]

There is unfortunately not really anything we can do here. We tried restricting serials to 20 octets, and the public PKI works fine, but far far too many private PKIs get this horribly wrong and the breakage we saw was not worth enforcing this constraint.

Thanks for your reply.
GnuTLS-3.8.9 adds this check under the --enable-strict-x509 configuration option. For reference, can this issue be made into a feature, and whether to enable this restriction is decided by the configuration option?

[ianlancetaylor]

It is possible, but every configuration knob is an expense for maintenance, testing, and code comprehension. We wouldn't do it just because we can. We would only do it if there is a good reason for it.