Trusted certificates with negative serial numbers are not processed #11
Comments
|
Thanks for leaving this open, it answered all my questions save for one and I just answered that myself. That question being, does the presence of this bad certificate break converting the ones listed after it? The answer is no, it doesn't. |
|
This was fixed with golang/go@a0ea93d and made it into 1.6. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It seems that Go currently doesn't handle certificates with negative serial numbers: https://code.google.com/p/go/issues/detail?id=8265
At present, one of the root certificates in Mozilla's store has a negative serial number. As a result, the output of this tool will not contain all root certificates trusted by Mozilla. Even though this issue is outside the scope of this conversion script, I am submitting this issue so that the problem is documented.
Edit: Sorry, forgot to check previous issues for this problem. I've now seen #3 from 2012. That said, two years later the certificate still remains in Mozilla's root store. I recommend that this issue or #3 are kept open so that others are aware of the problem... until the offending certificate is removed.
The text was updated successfully, but these errors were encountered: