Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fails to parse malformed Nuvoton EK certs with leading 0s in serial number #362

Open
mjg59 opened this issue Jan 24, 2024 · 1 comment
Open

Fails to parse malformed Nuvoton EK certs with leading 0s in serial number #362

mjg59 opened this issue Jan 24, 2024 · 1 comment

Comments

@mjg59
Copy link
Collaborator

mjg59 commented Jan 24, 2024

03018e6 switched from using certificate-transparency/x509 to crypto/x509. This means that x509 certificates are parsed more strictly. Nuvoton, at least, issued some EK certificates with leading 0s in the serial number - this is a spec violation and crypto/x509 rejects them. Unfortunately I'm not in a position to get all of these reissued, so would it be possible to switch back to using certificate-transparency? This has the unfortunate outcome that some of the x509 object API is visible to consumers, so consumers who already switched from certificate-transparency/x509 to crypto/x509 would have to switch back unless we find a reasonable way to abstract that.
@mjg59
Copy link
Collaborator Author

mjg59 commented Jan 24, 2024

Cc: @josephlr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mjg59