Cypherpunks repositories - gostls13.git/commit
crypto/x509: parse invalid DNS names and email addresses.
author Adam Langley <agl@golang.org>
Thu, 22 Feb 2018 20:05:29 +0000 (12:05 -0800)
committer Adam Langley <agl@golang.org>
Wed, 28 Feb 2018 19:14:11 +0000 (19:14 +0000)
commit 4b1d704d144181c81317c1b3db587f6aac53224b
tree 4f2af506c7bf01dd4561002cbcd134b4eeff9fa1
parent c1359db9cc3e3f84e45c5a899e2dac128ea74d50
crypto/x509: parse invalid DNS names and email addresses.

Go 1.10 requires that SANs in certificates are valid. However, a
non-trivial number of (generally non-WebPKI) certificates have invalid
strings in dnsName fields and some have even put those dnsName SANs in
CA certificates.

This change defers validity checking until name constraints are checked.

Fixes #23995, #23711.

Change-Id: I2e0ebb0898c047874a3547226b71e3029333b7f1
Reviewed-on: https://go-review.googlesource.com/96378
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
src/crypto/x509/name_constraints_test.go
src/crypto/x509/verify.go
src/crypto/x509/x509.go
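
The deferral described in the commit message, as an added Go example that is not part of the commit or of the Go source tree: a constructed CA constrained to example.com issues a leaf with a malformed dnsName SAN, parsing succeeds, and the failure appears only when Verify checks name constraints. The names `parseAndVerify` and `must`, the throwaway keys and both certificates are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on setup errors that are not the behaviour under test.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// parseAndVerify places sanName in a leaf's dnsName SAN, signs it with a constructed
// CA limited to example.com, and returns the parse error and the verify error.
func parseAndVerify(sanName string) (parseErr, verifyErr error) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Now()
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		PermittedDNSDomains: []string{"example.com"}}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, caPub, caKey))))
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "constructed leaf"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour),
		DNSNames: []string{sanName}}
	leafDER := must(x509.CreateCertificate(rand.Reader, leafTmpl, ca, leafPub, caKey))
	leaf, parseErr := x509.ParseCertificate(leafDER) // no dnsName validity check at parse time
	if parseErr != nil {
		return parseErr, nil
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, verifyErr = leaf.Verify(x509.VerifyOptions{Roots: roots}) // name constraints are checked here
	return nil, verifyErr
}

func main() {
	fmt.Println(parseAndVerify("www.example.com"))
	fmt.Println(parseAndVerify("bad name.example.com"))
}
```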