Cypherpunks repositories - gostls13.git/commit
crypto/x509: properly reject invalid DNS names when checking constraints
author Roland Shoemaker <roland@golang.org>
Mon, 5 Feb 2024 21:12:51 +0000 (13:12 -0800)
committer Roland Shoemaker <roland@golang.org>
Thu, 9 May 2024 22:40:21 +0000 (22:40 +0000)
commit 5856162487a3f380a271afac84ab19d5020679d2
tree 91f7be537ac538c72921349f878d7aef803537a2
parent 95a3779ebc6456c501fa5d888f8fb842dae58460
crypto/x509: properly reject invalid DNS names when checking constraints

A DNS name prefixed with an empty label should be considered invalid
when checking constraints (i.e. ".example.com" does not satisfy a
constraint of "example.com").

Updates #65085

Change-Id: I42919dc06abedc0e242ff36b2a42b583b14857b1
Reviewed-on: https://go-review.googlesource.com/c/go/+/561615
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
src/crypto/x509/name_constraints_test.go
src/crypto/x509/verify.go
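
The rule stated in the commit message, as an added example that is not part of this commit or of the Go project's code: a label-wise DNS constraint check that rejects names with an empty label before matching, next to a constructed string-suffix check that accepts ".example.com". The names `labels`, `naiveMatch`, `matchDNS` and `errEmptyLabel` are hypothetical, and constraints are assumed to be plain names without a leading dot.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var errEmptyLabel = errors.New("DNS name contains an empty label")

// labels splits a name on "." and rejects any empty label (".example.com", "a..b", "").
func labels(name string) ([]string, error) {
	parts := strings.Split(name, ".")
	for _, p := range parts {
		if p == "" {
			return nil, fmt.Errorf("%q: %w", name, errEmptyLabel)
		}
	}
	return parts, nil
}

// naiveMatch is a constructed string-suffix check; it accepts ".example.com".
func naiveMatch(name, constraint string) bool {
	return name == constraint || strings.HasSuffix(name, "."+constraint)
}

// matchDNS validates both names first; an invalid name never satisfies a constraint.
func matchDNS(name, constraint string) (bool, error) {
	n, err := labels(name)
	if err != nil {
		return false, err
	}
	c, err := labels(constraint)
	if err != nil {
		return false, err
	}
	if len(n) < len(c) {
		return false, nil
	}
	// Compare only the rightmost len(c) labels, case-insensitively.
	tail := strings.Join(n[len(n)-len(c):], ".")
	return strings.EqualFold(tail, strings.Join(c, ".")), nil
}

func main() {
	for _, name := range []string{"www.example.com", ".example.com", "badexample.com"} {
		ok, err := matchDNS(name, "example.com")
		fmt.Printf("%-18q naive=%-5v strict=%-5v err=%v\n", name, naiveMatch(name, "example.com"), ok, err)
	}
}
```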