Doing some work with TLS 1.3 in both Go and Java, I recently found that Go ignores Key Usage status flags <https://github.com/golang/go/blob/master/src/crypto/x509/verify.go#L681-L717>. On the other hand, Java's implementation checks key usage following the RFC. I'm thinking in particular about the digital signature bit <https://datatracker.ietf.org/doc/html/rfc8446#section-4.4.2.2>:
> the digitalSignature bit MUST be set if the Key Usage extension is present

Reading the comment in verify.go <https://github.com/golang/go/blob/master/src/crypto/x509/verify.go#L681-L717>, I see that Go didn't implement this feature given its inconsistent usage in the world. Is my understanding correct?
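
Added example, not part of the original post and not code from the Go project: one way a caller could apply the quoted RFC 8446 section 4.4.2.2 rule to the peer's leaf certificate itself. The names `CheckDigitalSignature`, `VerifyPeer` and `selfSigned` are hypothetical, hooking `VerifyPeer` into `tls.Config.VerifyPeerCertificate` is an assumption about where to place the check, and the certificates are constructed test data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// oidKeyUsage is id-ce-keyUsage (2.5.29.15) from RFC 5280.
var oidKeyUsage = []int{2, 5, 29, 15}

// CheckDigitalSignature: if Key Usage is present, digitalSignature must be set.
func CheckDigitalSignature(leaf *x509.Certificate) error {
	for _, ext := range leaf.Extensions {
		if ext.Id.Equal(oidKeyUsage) && leaf.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
			return fmt.Errorf("leaf has Key Usage extension without digitalSignature")
		}
	}
	return nil // extension absent, or digitalSignature set
}

// VerifyPeer has the signature of tls.Config.VerifyPeerCertificate (assumed hook point).
func VerifyPeer(rawCerts [][]byte, _ [][]*x509.Certificate) error {
	if len(rawCerts) == 0 {
		return fmt.Errorf("no peer certificate presented")
	}
	leaf, err := x509.ParseCertificate(rawCerts[0]) // first entry is the leaf
	if err != nil {
		return err
	}
	return CheckDigitalSignature(leaf)
}

// selfSigned returns a constructed test certificate (DER) carrying the given key usage.
func selfSigned(ku x509.KeyUsage) ([]byte, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), KeyUsage: ku}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
}

func main() {
	der, _ := selfSigned(x509.KeyUsageKeyEncipherment) // constructed leaf lacking digitalSignature
	fmt.Println(VerifyPeer([][]byte{der}, nil))
}
```

`VerifyPeerCertificate` is not invoked on resumed connections, so a deployment that relies on this check for every connection would place it in `tls.Config.VerifyConnection` instead.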