Thanks for heads-up! I am working on golang-go.crypto 0.43.0, that wouldn't really be a problem related to this, right? Presumable the change below is for some good reason, in which case we ought to fix the breakage rather than holding back package updates. /Simon Reinhard Tartler <siretart@gmail.com> writes: > Dear fellow Debian Golang Packagers, > > I am writing to give you a heads-up about a subtle change in Golang 1.25.2 > that makes X.509 certificate verification more strict in the `crypto/x509` > package, which is part of the standard library. The change in question is > https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4 > and I expect it to break rebuilds of several golang packages in Debian. > > Specifically, the DNS in the X.509v3 Subject Alternative Name can no longer > be empty (cf. > https://github.com/etcd-io/etcd/pull/20775#issuecomment-3385325872). This > change caused #1117747. I have also seen a similar issue when rebuilding > `sigstore-go`, and I plan to file a proper bug report later. > > I hope this heads-up saves valuable time for others who are surprised by > test failures containing the error: "x509: SAN rfc822Name is malformed". > > > > Best regards, > Reinhard
Attachment:
signature.asc
Description: PGP signature