crypto/x509: ExtKeyUsageAny bypasses policy validation

[rolandshoemaker]

Due to how policy validation was implemented, passing VerifyOptions.KeyUsages containing ExtKeyUsageAny unintentionally disables policy validation. These two properties are unrelated, and disabling key usage validation shouldn't disable policy validation.

This is a security issue, but due to the rarity of policy validation, and because it requires the user to explicitly set ExtKeyUsageAny, which is also rare, we are treating this as a PUBLIC track security issue, per the Go Security policy.

Thanks to Krzysztof Skrzętnicki (@Tener) of Teleport for reporting this issue.

This is CVE-2025-22874.

[gopherbot]

Change https://go.dev/cl/670375 mentions this issue: crypto/x509: decouple key usage and policy validation

[gabyhelp]

Related Code Changes

• crypto/x509: decouple key usage and policy validation

_{(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)}

[rolandshoemaker]

@gopherbot please backport issue for Go 1.24.

[gopherbot]

Backport issue(s) opened: #73700 (for 1.24).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

[gopherbot]

Change https://go.dev/cl/672316 mentions this issue: [release-branch.go1.24] crypto/x509: decouple key usage and policy validation