PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
I've encountered a weird issue where signed certificates sometimes does not verify against their CA public key. It rarely happens, only once in couple of thousands signatures, and it only happens with crypto.X509Certificate.verify function (pkijs.Certificate verify does return true). I'm not sure if the issue is somewhere in your code or webcrypto's, I was hoping you could confirm that.
Replication code (includes both the check that does work and the one that doesn't):
I've encountered a weird issue where signed certificates sometimes does not verify against their CA public key. It rarely happens, only once in couple of thousands signatures, and it only happens with crypto.X509Certificate.verify function (pkijs.Certificate verify does return true). I'm not sure if the issue is somewhere in your code or webcrypto's, I was hoping you could confirm that.
Replication code (includes both the check that does work and the one that doesn't):