]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: a524616) | patch
crypto/x509: ignore CN if SAN extension present.
authorAdam Langley <agl@golang.org>
Thu, 9 Feb 2017 23:57:53 +0000 (15:57 -0800)
committerAdam Langley <agl@golang.org>
Fri, 10 Feb 2017 16:20:40 +0000 (16:20 +0000)
commit630e93ed2d8a13226903451a0e85e62efd78cdcd
tree403c8243e178193f6ee1f157f1f9d9503601a6c5tree
parenta52461686013767d9f3e43d1de6eebf6f92fb62ccommit | diff
crypto/x509: ignore CN if SAN extension present.

The code previously tested only whether DNS-name SANs were present in a
certificate which is only approximately correct. In fact, /any/ SAN
extension, including one with no DNS names, should cause the CN to be
ignored.

Change-Id: I3d9824918975be6d4817e7cbb48ed1b0c5a2fc8b
Reviewed-on: https://go-review.googlesource.com/36696
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
src/crypto/x509/verify.go diff | blob | history
src/crypto/x509/verify_test.go diff | blob | history
src/crypto/x509/x509.go diff | blob | history
Go GOST TLS 1.3