Open
Description
Go version
go version go1.23.2 linux/amd64
Output of go env in your module/workspace:
GO111MODULE=''
GOARCH='amd64'
GOBIN=''
GOCACHE='/home/liu/.cache/go-build'
GOENV='/home/liu/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/home/liu/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/home/liu/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/snap/go/10730'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/snap/go/10730/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.23.2'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/home/liu/.config/go/telemetry'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/dev/null'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3084352486=/tmp/go-build -gno-record-gcc-switches'What did you do?
Use x509.ParseCertificate(derBytes) to parse the der certificate
What did you see happen?
A critical examine of the aia extension:authority info access incorrectly marked critical
Authority Information Access is described in RFC5280: Conforming CAs MUST mark this extension as non-critical.
Other extensions with the same description in RFC5280 are not checked, such as:
Subject Information Access: Conforming CAs MUST mark this extension as non-critical.
Policy Constraints: Conforming CAs MUST mark this extension as non-critical.
What did you expect to see?
For certificates marked as critical, such as Subject Information Access and Policy Constraints, parsing errors will also occur.