der-encoding
×
8
0
Daniel Mangum demonstrates a critical vulnerability in Go's X.509 certificate verification where certificates differing by only two bytes (0x13 vs 0x0c ASN.1 tag bytes) pass or fail verification, revealing a tag-confusion bug in Go's certificate parsing that OpenSSL accepts correctly.