Cypherpunks repositories - gostls13.git/commit
crypto/x509: tighten EKU checking for requested EKUs.
author Adam Langley <agl@golang.org>
Thu, 22 Feb 2018 20:30:44 +0000 (12:30 -0800)
committer Filippo Valsorda <hi@filippo.io>
Fri, 23 Feb 2018 17:07:21 +0000 (17:07 +0000)
commit 0681c7c31b5922f08f31404023e6b295f35812fe
tree f9cea760121d6cf09ae0b9ca3880f4857664d3ed
parent 7263540146c75de8037501b3d6fb64f59a0d1956
crypto/x509: tighten EKU checking for requested EKUs.

There are, sadly, many exceptions to EKU checking to reflect mistakes
that CAs have made in practice. However, the requirements for checking
requested EKUs against the leaf should be tighter than for checking leaf
EKUs against a CA.

Fixes #23884

Change-Id: I05ea874c4ada0696d8bb18cac4377c0b398fcb5e
Reviewed-on: https://go-review.googlesource.com/96379
Reviewed-by: Jonathan Rudenberg <jonathan@titanous.com>
Reviewed-by: Filippo Valsorda <hi@filippo.io>
Run-TryBot: Filippo Valsorda <hi@filippo.io>
TryBot-Result: Gobot Gobot <gobot@golang.org>
src/crypto/x509/name_constraints_test.go
src/crypto/x509/verify.go
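
The requested EKUs the commit message refers to are the ones a caller passes in `VerifyOptions.KeyUsages`. The following is an added example, not code from this commit or from the Go project: it builds a constructed two-certificate chain and shows a leaf being rejected with `IncompatibleUsage` when the requested EKU is not among the leaf's. The helper names `mustCert`, `VerifyFor` and `IsIncompatibleUsage` and the certificate subjects are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// mustCert issues tmpl under parent, signed by signer (constructed test PKI; panics on failure).
func mustCert(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, signer ed25519.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert
}

// VerifyFor builds a constructed root plus a leaf carrying leafEKU, then verifies
// the leaf while requesting a single EKU, as a TLS stack would for its role.
func VerifyFor(leafEKU []x509.ExtKeyUsage, requested x509.ExtKeyUsage) error {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader)
	nb, na := time.Now().Add(-time.Hour), time.Now().Add(time.Hour)
	rootTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed root"},
		NotBefore: nb, NotAfter: na, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	root := mustCert(rootTmpl, rootTmpl, caPub, caKey)
	leaf := mustCert(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "constructed leaf"},
		NotBefore: nb, NotAfter: na, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: leafEKU}, root, leafPub, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(root)
	// KeyUsages carries the requested EKUs that are checked against the chain, leaf included.
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{requested}})
	return err
}

// IsIncompatibleUsage reports whether err is the x509 EKU-mismatch failure.
func IsIncompatibleUsage(err error) bool {
	var inv x509.CertificateInvalidError
	return errors.As(err, &inv) && inv.Reason == x509.IncompatibleUsage
}

func main() {
	fmt.Println(VerifyFor([]x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, x509.ExtKeyUsageServerAuth))
}
```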