-
Type:
Task
-
Resolution: Unresolved
-
Priority:
Unknown
-
None
-
Affects Version/s: None
-
Component/s: None
-
None
-
Go Drivers
-
None
-
None
-
None
-
None
-
None
-
None
Context
youmark/pkcs8 is not a well-used library that we use to parse sensitive data, it would be best to remove this dependency from the driver.
Definition of done
Recommend copying the minimal code from https://github.com/youmark/pkcs8 required for the Go Driver. Here is a gist of what we would need.
Pitfalls
Maintaining our own PEM layer will lead to CVEs that we directly have to account for.
- is documented by
-
GODRIVER-3159 CVE-2023-48795, CVE-2023-42818 known vulnerability in youmark/pkcs8
-
- Closed
-