You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
certificate verification
About this tag
Certificate verification is a critical security process that ensures digital certificates are valid and trusted. On WindowsForum.com, recent discussions highlight vulnerabilities in Go's X.509 certificate verification, specifically CVE-2026-27138 and CVE-2026-27137. CVE-2026-27138 involves a panic during certificate chain verification when an intermediate or leaf certificate contains an empty DNS name alongside excluded name constraints, potentially crashing applications. CVE-2026-27137 is a correctness bug where email-address name constraints are ignored under certain conditions, allowing invalid certificate chains to be accepted. Both issues affect Go 1.26 and are fixed in Go 1.26.1. These threads emphasize the importance of keeping software updated and understanding certificate verification pitfalls for developers and IT professionals.
A new security advisory affecting the Go standard library's crypto/x509 package — tracked as CVE-2026-27138 — warns that certificate chain verification can panic when an intermediate or leaf certificate contains an empty DNS name while another certificate in the same chain includes excluded name...
A subtle correctness bug in Go’s X.509 verification code — tracked as CVE-2026-27137 — can cause certificate chains to ignore multiple email-address name constraints when those constraints share the same local-part but differ by domain. The practical upshot: under specific conditions a...