From 31df39d356bd912d7b8da4588e87c3abb9e54e84 Mon Sep 17 00:00:00 2001
From: Nick Craig-Wood <nick@craig-wood.com>
Date: Thu, 13 Nov 2025 16:39:47 +0000
Subject: [PATCH] build: fix tls: failed to verify certificate: x509: negative
 serial number

Before Go 1.23, x509.ParseCertificate accepted certificates with
negative serial numbers. Rejecting these certificates caused a small
number of users to see this error.

From Go 1.23 debug flags can be added to go.mod so this change adds a
debug flag to ensure negative serial numbers are still allowed since
this is a spec violation, not a security issue.

See: https://forum.rclone.org/t/ssl-validation-broken-between-v1-69-1-latest-version/
---
 go.mod | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/go.mod b/go.mod
index d31192d7a..971700301 100644
--- a/go.mod
+++ b/go.mod
@@ -2,6 +2,10 @@ module github.com/rclone/rclone
 
 go 1.24.4
 
+godebug (
+    x509negativeserial=1
+)
+
 require (
 	bazil.org/fuse v0.0.0-20230120002735-62a210ff1fd5
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0