Cypherpunks repositories - gostls13.git/commit

author	Adam Langley <agl@golang.org>
	Sun, 10 Sep 2017 00:05:41 +0000 (17:05 -0700)
committer	Adam Langley <agl@golang.org>
	Tue, 7 Nov 2017 21:58:30 +0000 (21:58 +0000)
commit	9e76ce70701ceef8fbccfb953b33a2ae7fe0367c
tree	d750915865df60d1b8818020312b5dec69fee3ac	tree
parent	a4aa5c31811b13b5d16b6fbbb2c72ed53eca0efb	commit \| diff

crypto/x509: enforce all name constraints and support IP, email and URI constraints

This change makes crypto/x509 enforce name constraints for all names in
a leaf certificate, not just the name being validated. Thus, after this
change, if a certificate validates then all the names in it can be
trusted – one doesn't have a validate again for each interesting name.

Making extended key usage work in this fashion still remains to be done.

Updates #15196

Change-Id: I72ed5ff2f7284082d5bf3e1e86faf76cef62f9b5
Reviewed-on: https://go-review.googlesource.com/62693
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>

src/crypto/x509/name_constraints_test.go	[new file with mode: 0644]	blob
src/crypto/x509/root_windows.go		diff \| blob \| history
src/crypto/x509/verify.go		diff \| blob \| history
src/crypto/x509/verify_test.go		diff \| blob \| history
src/crypto/x509/x509.go		diff \| blob \| history
src/crypto/x509/x509_test.go		diff \| blob \| history
src/go/build/deps_test.go		diff \| blob \| history