go/doc/next/6-stdlib/99-minor/crypto/x509/45990.md

[CreateCertificateRequest] now correct supports RSA-PSS signature algorithms.

[CreateCertificateRequest] and [CreateRevocationList] now verify the generated signature using the signer’s public key. If the signature is invalid, an error is returned. This has been the behavior of [CreateCertificate] since Go 1.16.