crypto/x509: go.1.15 onwards CreateCertificate signed by CA cert adds unparseable ASN1 blocks under x509.Certificate.Extensions #47526

Closed
@manuullas

What version of Go are you using (go version)?

$ go version
go version go1.16.6 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOENV="/root/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/root/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/lib/golang"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/lib/golang/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build757437385=/tmp/go-build -gno-record-gcc-switches"

What did you do?

We are trying to upgrade our builds from go 1.14.4 to the latest release. However, we are blocked by this issue: creating an x509.Certificate with valid signed by a CA w/ BasicConstraints: true set using a self-signed RSA keypair. The certificate has some custom ASN.1 keypair/values under ExtraExtensions. The certificate fails to parse because there is always an extra pkix.Extension element containing some unparseable ASN.1 data which was not being added in go 1.14.x along with the embedded ASN.1 blocks. This issue is observed w/ all releases go 1.15 onwards.

Playground link

Note: Issue is not observed when:
IsCA: false

What did you expect to see?

No error

What did you see instead?

Failure unmarshalling ASN1 Attributes: asn1: structure error: tags don't match (19 vs {class:2 tag:0 length:20 isCompound:false}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} string @2
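
The element named in the error above, `{class:2 tag:0 length:20}`, is consistent with the `[0]` keyIdentifier field of a standard authorityKeyIdentifier extension (OID 2.5.29.35), which a leaf carries when its CA has a SubjectKeyId; since Go 1.15, CreateCertificate generates a SubjectKeyId for CA templates that do not set one. The following is an added example, not code from the issue or from the Go project: it selects the custom extension by OID instead of decoding every entry of `Extensions`. `customOID`, `customAttr` and all sample values are constructed assumptions.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// Constructed for this example: a private-arc OID carrying a one-string payload.
var customOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 55555, 1}

type customAttr struct{ Value string }

// sampleExtensions is a constructed stand-in for a parsed leaf's Extensions:
// an authorityKeyIdentifier (2.5.29.35) with a 20-byte [0] keyIdentifier, then ours.
func sampleExtensions() []pkix.Extension {
	aki, _ := asn1.Marshal(struct {
		KeyID []byte `asn1:"tag:0"`
	}{make([]byte, 20)})
	val, _ := asn1.Marshal(customAttr{Value: "tenant-42"})
	return []pkix.Extension{{Id: asn1.ObjectIdentifier{2, 5, 29, 35}, Value: aki}, {Id: customOID, Value: val}}
}

// decode unmarshals one extension value as customAttr and rejects trailing bytes.
func decode(ext pkix.Extension) (string, error) {
	var a customAttr
	rest, err := asn1.Unmarshal(ext.Value, &a)
	if err == nil && len(rest) != 0 {
		err = fmt.Errorf("trailing data after customAttr in %v", ext.Id)
	}
	return a.Value, err
}

// readCustom decodes only the extension whose OID equals customOID; calling
// decode on every entry instead fails on the first one with "tags don't match".
func readCustom(exts []pkix.Extension) (string, error) {
	for _, ext := range exts {
		if ext.Id.Equal(customOID) {
			return decode(ext)
		}
	}
	return "", fmt.Errorf("extension %v not present", customOID)
}

func main() {
	exts := sampleExtensions()
	fmt.Println(decode(exts[0])) // the authorityKeyIdentifier entry: structure error
	fmt.Println(readCustom(exts))
}
```

With a real certificate, pass `cert.Extensions` to `readCustom`; the standard extensions are already exposed as typed fields such as `cert.AuthorityKeyId`.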
