Cypherpunks repositories - gostls13.git/commit

author	Adam Langley <agl@golang.org>
	Fri, 6 Oct 2017 19:46:22 +0000 (12:46 -0700)
committer	Russ Cox <rsc@golang.org>
	Wed, 25 Oct 2017 18:57:14 +0000 (18:57 +0000)
commit	3be9637d5658535714baeed1994af39342c5066c
tree	822a4bfc0d6d35c30670272eec682c360dffd367	tree
parent	2eac89d5c82d1d8ac7969d13f328f9fd2317b8dc	commit \| diff

[release-branch.go1.8] crypto/x509: reject intermediates with unknown critical extensions.

In https://golang.org/cl/9390 I messed up and put the critical extension
test in the wrong function. Thus it only triggered for leaf certificates
and not for intermediates or roots.

In practice, this is not expected to have a security impact in the web
PKI.

[Merge conflicts resolved in verify_test.go]

Change-Id: I4f2464ef2fb71b5865389901f293062ba1327702
Reviewed-on: https://go-review.googlesource.com/69294
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-on: https://go-review.googlesource.com/70842
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>

src/crypto/x509/verify.go		diff \| blob \| history
src/crypto/x509/verify_test.go		diff \| blob \| history
src/crypto/x509/x509_test.go		diff \| blob \| history