Document the x509 and asn1 packages #946
Description
The x509 and asn1 are forks of the corresponding standard Go packages.
Their README files need more detail on:
- The reasons why the packages are forked.
- How to maintain them.
- How/when to keep up with the upstream changes.
The latter are important since there is a backlog of x509-related issues:
- Don't error on unsupported leaf public keys #531
- Certificate verifier doesn't reject mismatched signature algorithm #699
- Alternative Endpoint for x509.ParsePKIXPublicKey that allows non-fatal errors #740
- Begin testing against latest golang version #765
- Inconsistent license infomation for asn1 and x509 #884
- x509 Certificate verification with Common Name #897
- Extend certcheck to cope with Android attestation extension #865
- [bug] Darwin not considered a UNIX system? #869
"Why" in a nutshell: Since there are many implementations of x509 in the ecosystem, with various levels of incompleteness, CT logs need to be permissive of certificates that almost follow the spec.