From: Roland Shoemaker Date: Fri, 19 Nov 2021 22:32:49 +0000 (-0800) Subject: doc/go1.18: add crypto/x509 verifier notes X-Git-Tag: go1.18rc1~112 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=0003d9da093ce1cb19aebb074da4506fade35a66;p=gostls13.git doc/go1.18: add crypto/x509 verifier notes Change-Id: If3e835e868ae695ba232b57096c135ce2e73305b Reviewed-on: https://go-review.googlesource.com/c/go/+/365835 Trust: Roland Shoemaker Trust: Filippo Valsorda Reviewed-by: Katie Hockman --- diff --git a/doc/go1.18.html b/doc/go1.18.html index cb3c2dbac3..4d77f14d53 100644 --- a/doc/go1.18.html +++ b/doc/go1.18.html @@ -662,6 +662,46 @@ Do not send CLs removing the interior tags from such phrases. +
crypto/x509
+
+

+ Certificate.Verify + now uses platform APIs to verify certificate validity on macOS and iOS when it + is called with a nil + VerifyOpts.Roots + or when using the root pool returned from + SystemCertPool. +

+ +

+ SystemCertPool + is now available on Windows. +

+ +

+ On Windows, macOS, and iOS, when a + CertPool returned by + SystemCertPool + has additional certificates added to it, + Certificate.Verify + will do two verifications: one using the platform verifier APIs and the + system roots, and one using the Go verifier and the additional roots. + Chains returned by the platform verifier APIs will be prioritized. +

+ +

+ CertPool.Subjects + is deprecated. On Windows, macOS, and iOS the + CertPool returned by + SystemCertPool + will return a pool which does not include system roots in the slice + returned by Subjects, as a static list can't appropriately + represent the platform policies and might not be available at all from the + platform APIs. +

+
+
+
debug/dwarf
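Review bot: In the last added paragraph (the CertPool.Subjects deprecation), the sentence "the CertPool returned by SystemCertPool will return a pool which does not include system roots in the slice returned by Subjects" has the pool returning a pool. Suggest "the CertPool returned by SystemCertPool will not include system roots in the slice returned by Subjects". In the paragraph before it, "Chains returned by the platform verifier APIs will be prioritized" does not say whether those chains are listed first in the result or returned instead of the Go verifier's chains. That is worth stating, since callers who add their own roots to the system pool need to know which verifier produced the chain they get back.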