certificate-parsing ×

certificate-parsing

new top best new & best

quality: all 6+ 8+

Fooling Go's X.509 Certificate Verification

Daniel Mangum demonstrates a critical vulnerability in Go's X.509 certificate verification where certificates differing by only two bytes (0x13 vs 0x0c ASN.1 tag bytes) pass or fail verification, revealing a tag-confusion bug in Go's certificate parsing that OpenSSL accepts correctly.

x509-certificate asn1-encoding der-encoding certificate-verification go-vulnerability cryptography certificate-parsing tag-confusion

danielmangum.com · hasheddan· 22 days ago · 15 min · vulnerability · details · hn 2