Cypherpunks repositories - gostls13.git/commit

author	Adam Langley <agl@golang.org>
	Thu, 22 Feb 2018 20:30:44 +0000 (12:30 -0800)
committer	Andrew Bonventre <andybons@golang.org>
	Thu, 29 Mar 2018 06:07:20 +0000 (06:07 +0000)
commit	fe0d248f29e5f0c95fd90be8c457586230809ce4
tree	ce8c3e1eae077387baaf87afcd1403e002885c90	tree
parent	b3398f8fa8233279eb343f4c478eb9ea6524ecdd	commit \| diff

[release-branch.go1.10] crypto/x509: tighten EKU checking for requested EKUs.

There are, sadly, many exceptions to EKU checking to reflect mistakes
that CAs have made in practice. However, the requirements for checking
requested EKUs against the leaf should be tighter than for checking leaf
EKUs against a CA.

Fixes #23884

Change-Id: I05ea874c4ada0696d8bb18cac4377c0b398fcb5e
Reviewed-on: https://go-review.googlesource.com/96379
Reviewed-by: Jonathan Rudenberg <jonathan@titanous.com>
Reviewed-by: Filippo Valsorda <hi@filippo.io>
Run-TryBot: Filippo Valsorda <hi@filippo.io>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-on: https://go-review.googlesource.com/102780
Run-TryBot: Andrew Bonventre <andybons@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>

src/crypto/x509/name_constraints_test.go		diff \| blob \| history
src/crypto/x509/verify.go		diff \| blob \| history