Sounds like you now know why it is failing. Is this something you can change? Or is it a bug in the go library code?
@skinfrakki no 4 is correct because then you have read 0, 1, 2 and 3 which are four byte (i.e. 32-bit). Where does this code live?
/usr/lib/golang/src/vendor/golang.org/x/crypto/cryptobyte/asn1.go
Hmmm, is it possible to share the X509v3 extensions: section of
openssl x509 -in my.crt --text
Or just the X509v3 Certificate Policies:… It seem like the OIDs are both working on playground so it must be something else…
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:dnsserver1, DNS:dnsserver2 IP Address:address1, IP Address:address2
X509v3 Subject Key Identifier:
98:FF:66:3C:58:26:36:A1:F5:CB:C2:B3:BC:3C:33:90:3E:8A:5E:80
X509v3 Authority Key Identifier:
keyid:13:57:08:E7:5E:7E:92:45:E9:AF:CC:80:B2:D5:D2:A4:E2:30:87:6B
