Skip to content

crypto/x509: ParseCertificate duplicate extensions errors should include OID of the affected extension #66880

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Techassi opened this issue Apr 18, 2024 · 5 comments
Closed

crypto/x509: ParseCertificate duplicate extensions errors should include OID of the affected extension #66880

Techassi opened this issue Apr 18, 2024 · 5 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Backlog

Comments

@Techassi
Copy link
Contributor

Techassi commented Apr 18, 2024
edited
Loading

I recently ran into the issue that generated X.509 certificates very rejected by Go due to containing duplicate extensions. The exact extension was not reported in the error message, which made the debugging process rather complicated - it required manual changes in the standard library. The current error message reads: x509: certificate contains duplicate extensions.

Therefore, I would like to propose to change the error message to include the detected duplicate OID. The error message could then look like: x509: certificate contains duplicate extension {oid}. Feel free to suggest a different error message format.

I'm also happy to contribute the required changes in a separate PR if it is decided to move forward.

References
@Techassi Techassi changed the title crypto/x509: ParseCertificate and ParseCertificateRequest duplicate extensions errors should include OID of the affected extension crypto/x509: ParseCertificate duplicate extensions errors should include OID of the affected extension Apr 18, 2024
@cherrymui
Copy link
Member

cc @FiloSottile @rolandshoemaker @golang/security

@cherrymui cherrymui added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Apr 18, 2024
@cherrymui cherrymui added this to the Backlog milestone Apr 18, 2024
@Techassi
Copy link
Contributor Author

Techassi commented May 3, 2024

Just checking in if there is anything I can help with to move this issue forward?

@rolandshoemaker
Copy link
Member

If you'd like to send a CL for this I'd be happy to review it, otherwise I'll try to get to it before the freeze for 1.23.

@Techassi
Copy link
Contributor Author

Techassi commented May 3, 2024

Alright, happy to do it :) I will send it in asap.

@Techassi Techassi mentioned this issue May 3, 2024
Closed
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/583096 mentions this issue: crypto/x509: include OID in duplicate extension error message

@gabyhelp gabyhelp mentioned this issue Oct 25, 2024
Closed
@golang golang locked and limited conversation to collaborators May 6, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Backlog
Development

Successfully merging a pull request may close this issue.

crypto/x509: include OID in duplicate extension error message Techassi/go
4 participants
@rolandshoemaker @gopherbot @cherrymui @Techassi