Golang cannot parse the root certificate for Alipay payment. x509: unsupported elliptic curve

[mimicode]

Go version

go version go1.22.6 windows/amd64

Output of go env in your module/workspace:

set GO111MODULE=on
set GOARCH=amd64                              
set GOBIN=                                    
set GOCACHE=C:\Users\HR\AppData\Local\go-build
set GOENV=C:\Users\HR\AppData\Roaming\go\env  
set GOEXE=.exe                                
set GOEXPERIMENT=                             
set GOFLAGS=                                  
set GOHOSTARCH=amd64                          
set GOHOSTOS=windows                          
set GOINSECURE=                               
set GOMODCACHE=C:\Users\HR\go\pkg\mod         
set GONOPROXY=               
set GONOSUMDB=               
set GOOS=windows                              
set GOPATH=C:\Users\HR\go                     
set GOPRIVATE=               
set GOPROXY=https://goproxy.cn,direct
set GOROOT=C:/Users/HR/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.22.6.windows-amd64
set GOSUMDB=sum.golang.org
set GOTMPDIR=
set GOTOOLCHAIN=auto
set GOTOOLDIR=C:\Users\HR\go\pkg\mod\golang.org\toolchain@v0.0.1-go1.22.6.windows-amd64\pkg\tool\windows_amd64
set GOVCS=
set GOVERSION=go1.22.6
set GCCGO=gccgo
set GOAMD64=v1
set AR=ar
set CC=gcc
set CXX=g++
set CGO_ENABLED=1
set GOMOD=D:\work\code\testcode\go.mod
set GOWORK=
set CGO_CFLAGS=-O2 -g
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-O2 -g
set CGO_FFLAGS=-O2 -g
set CGO_LDFLAGS=-O2 -g
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -mthreads -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=C:\Users\HR\AppData\Local\Temp\go-build2810565051=/tmp/go-build -gno-record-gcc-switches

What did you do?

https://go.dev/play/p/IWbLhFMHQz4?v=goprev

What did you see happen?

When extracting and parsing the certificate, the error message "x509: unsupported elliptic curve" is displayed.

What did you expect to see?

I can get the correct results when using openssl_x509_parse in PHP, but it does not work in Go.

[gabyhelp]

Related Issues and Documentation

• crypto/x509: invalid certificate policies #65990 (closed)
• x/crypto: x509: invalid certificate policies #53773 (closed)
• crypto/x509: ParseCertificate fails with "net/url: invalid userinfo" #69930
• crypto/x509: unable to parse certificate parsable by Java #33259
• crypto/x509: cannot parse certificate IP \& net/http cannot ignore this certificate error #65829 (closed)

_{(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)}

[mimicode]

Related Issues and Documentation

• crypto/x509: invalid certificate policies #65990 (closed)
• x/crypto: x509: invalid certificate policies #53773 (closed)
• crypto/x509: ParseCertificate fails with "net/url: invalid userinfo" #69930
• crypto/x509: unable to parse certificate parsable by Java #33259
• crypto/x509: cannot parse certificate IP & net/http cannot ignore this certificate error #65829 (closed)

(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)

The situation I encountered is different.

[mauri870]

This is expected as Go does not support SM algorithms. The certificate you posted uses SM2 and SM3. These are Chinese Standards for encryption.

See https://cran.r-project.org/web/packages/smcryptoR/smcryptoR.pdf

[mauri870]

You can convert this issue into a proposal if you wish to add these algorithms to the standard library. Otherwise there are packages that implement these standards available, for example https://github.com/tjfoc/gmsm.

[seankhliao]

Duplicate of #54087