{"id":22736576,"url":"https://github.com/fredwangwang/go-x509hack","last_synced_at":"2025-03-30T02:44:09.410Z","repository":{"id":129385233,"uuid":"596729402","full_name":"fredwangwang/go-x509hack","owner":"fredwangwang","description":"hack to overcome x509 printablestring parsing","archived":false,"fork":false,"pushed_at":"2024-08-14T16:33:31.000Z","size":6,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-02-05T05:22:49.268Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fredwangwang.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-02T20:10:10.000Z","updated_at":"2024-08-14T16:33:34.000Z","dependencies_parsed_at":"2024-08-15T12:02:19.356Z","dependency_job_id":null,"html_url":"https://github.com/fredwangwang/go-x509hack","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fredwangwang%2Fgo-x509hack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fredwangwang%2Fgo-x509hack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fredwangwang%2Fgo-x509hack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fredwangwang%2Fgo-x509hack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fredwangwang","download_url":"https://codeload.github.com/fredwangwang/go-x509hack/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246269911,"owners_count":20750319,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-10T21:27:48.258Z","updated_at":"2025-03-30T02:44:09.387Z","avatar_url":"https://github.com/fredwangwang.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# x509 PrintableString HACK\n\n# To Use\n\n`import _ \"github.com/fredwangwang/go-x509hack\"`\n\n\n**NOTE**: with go 1.23, [checklinkname](https://github.com/golang/go/issues/67401) is enabled by default.\nTo continue use this in go1.23+, need to compile the project with `-ldflags=-checklinkname=0`\n\n# Rathional\n\nGo's certificate parsing follows strict asn1 standard, where `_` is not considered a valid character set in [PrintableString](https://en.wikipedia.org/wiki/PrintableString).\nIts rule can be seen in the [source code](https://github.com/golang/go/blob/88a36c9e9a511ec6ad218633bce1e82f25e54d35/src/crypto/x509/parser.go#L59))\n\nHowever, there are cases of invalid use of PrintableString to include characters that is not part of asn1 standard. This seems especially true with certificate generated from `.netframework` projects, as I encountered recently. This causes critical issues in integrating with existing infrastructures, where fixing those certificate is just cost prohibitive.\n\nNontheless, other languages (Java/C#, etc) choose to _play nicely_ with this, and standard tools\nlike OpenSSL has no issues to use the certificate neither.\n\nIssues \\([1](https://github.com/golang/go/issues/14017) [2](https://github.com/golang/go/issues/36044)\\) has been raised to Golang in the past without resolution. So not optmistic about it being addressed in the upstream timely in spite of a real product issue.\n\nAlthough I do like when implementation follows the standard closely, as it avoids some pitfalls in unexpected bugs and even security issues. This is one of the cases I think \"be liberal in what you accept\" makes sense. As accepting _non-standard_ chars is de facto the standard.\n\nSo here we are. A hack to bypass parsing checks in asn1 strings.\n\n# NOTE\n\nUSE YOUR OWN JUDGEMENT in using this library. This library removes all checks in parsing asn1 string. This might or might not work for your use case. Similar patching strategy can be used to override certain checks without giving up others.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffredwangwang%2Fgo-x509hack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffredwangwang%2Fgo-x509hack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffredwangwang%2Fgo-x509hack/lists"}