// Create a temporary invalid certificate file
        File invalidCertFile = null;
        try {
            invalidCertFile = File.createTempFile("invalid_cert", ".crt");
            try (FileWriter writer = new FileWriter(invalidCertFile)) {
                writer.write("INVALID CERTIFICATE CONTENT");
            }

Go 1.24 also removed X25519Kyber768Draft00 and the Go 1.23 `tlskyber` setting.

Go 1.24 made [`ParsePKCS1PrivateKey`](/pkg/crypto/x509/#ParsePKCS1PrivateKey)
use and validate the CRT parameters in the encoded private key. This behavior
can be controlled with the `x509rsacrt` setting. Using `x509rsacrt=0` restores
the Go 1.23 behavior.

### Go 1.23

        assertEquals(getViaFactory.threshold(), getViaConstructor.threshold());
    }

    /*
    @Test
    public void test_Get_ssl() throws Exception {
        final String filename = "config/certs/http_ca.crt";
        try (InputStream in = new FileInputStream(filename)) {
            Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(in);

!= nil { return errors.New("crypto/rsa: invalid prime") } dP, err := bigmod.NewNat().SetBytes(priv.dP, pMinus1) if err != nil { return errors.New("crypto/rsa: invalid CRT exponent") } de := bigmod.NewNat() de.SetUint(uint(priv.pub.E)).ExpandFor(pMinus1) de.Mul(dP, pMinus1) if de.IsOne() != 1 { return errors.New("crypto/rsa: invalid CRT exponent") } qMinus1, err := bigmod.NewModulus(q.Nat().SubOne(q).Bytes(q)) if err != nil { return errors.New("crypto/rsa: invalid prime") } dQ, err := bigmod.NewNat...

- Kubeadm: during the validation of existing kubeconfig files on disk, handle cases where the "ca.crt" is a bundle and has intermediate certificates. Find a common trust anchor between the "ca.crt" bundle and the CA in the existing kubeconfig on disk instead of treating "ca.crt" as a file containing a single CA. ([#123102](https://github.com/kubernetes/kubernetes/pull/123102), [@astundzia](https://github.com/astundzia))