Cypherpunks repositories - gostls13.git/commit
crypto/x509: verification with system and custom roots
author Roland Shoemaker <roland@golang.org>
Fri, 1 Oct 2021 17:14:32 +0000 (10:14 -0700)
committer Filippo Valsorda <filippo@golang.org>
Sat, 6 Nov 2021 16:43:43 +0000 (16:43 +0000)
commit 3544082f75fd3d2df7af237ed9aef3ddd499ab9c
tree d64caff08a5fde33b2af5746f6929548a28a5d08
parent 4f083c7dcf6ace3e837b337e10cf2f4e3160677e
crypto/x509: verification with system and custom roots

Make system cert pools special, such that when one has extra roots
added to it we run verifications twice, once using the platform
verifier, if available, and once using the Go verifier, merging the
results.

This change re-enables SystemCertPool on Windows, but explicitly does
not return anything from CertPool.Subjects (which matches the behavior
of macOS). CertPool.Subjects is also marked deprecated.

Fixes #46287
Fixes #16736

Change-Id: Idc1843f715ae2b2d0108e55ab942c287181a340a
Reviewed-on: https://go-review.googlesource.com/c/go/+/353589
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
src/crypto/x509/cert_pool.go
src/crypto/x509/hybrid_pool_test.go [new file with mode: 0644]
src/crypto/x509/root_darwin.go
src/crypto/x509/root_windows.go
src/crypto/x509/root_windows_test.go [new file with mode: 0644]
src/crypto/x509/verify.go
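
The case the commit message describes (a system cert pool that has had an extra root added), seen from the caller's side. This is an added example, not code from the commit or the Go source tree; the certificate names, `must` and `VerifyBothWays` are constructed for illustration, and it assumes a Go release with generics.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// must panics on errors while building the constructed test material.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// VerifyBothWays verifies a constructed leaf against the system pool alone,
// then against the same pool after a constructed private root is added.
func VerifyBothWays() (systemOnly, withExtraRoot error) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	now := time.Now()
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour)}
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: []string{"internal.example"},
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		NotBefore:   now.Add(-time.Hour), NotAfter: now.Add(time.Hour)}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey))))

	sys := must(x509.SystemCertPool()) // a copy of the system pool, safe to modify
	// Expected to fail: the constructed root is not among the system roots.
	_, systemOnly = leaf.Verify(x509.VerifyOptions{Roots: sys, DNSName: "internal.example"})
	sys.AddCert(ca) // the pool is now "system roots plus an extra root"
	_, withExtraRoot = leaf.Verify(x509.VerifyOptions{Roots: sys, DNSName: "internal.example"})
	return systemOnly, withExtraRoot
}

func main() {
	systemOnly, withExtraRoot := VerifyBothWays()
	fmt.Println("system roots only:    ", systemOnly)
	fmt.Println("system + private root:", withExtraRoot)
}
```

The second call is the one that, per the commit message, is checked by both the platform verifier (if available) and the Go verifier with the results merged.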