From: Filippo Valsorda Date: Fri, 17 Jul 2020 07:52:23 +0000 (-0400) Subject: doc/go1.15: surface the crypto/x509 CommonName deprecation note X-Git-Tag: go1.15rc2~1^2~18 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=074f2d800f;p=gostls13.git doc/go1.15: surface the crypto/x509 CommonName deprecation note Updates #39568 Updates #37419 Updates #24151 Change-Id: I44c940e09e26a039076396bbfecb2b1574197cf7 Reviewed-on: https://go-review.googlesource.com/c/go/+/243221 Reviewed-by: Kevin Burke --- diff --git a/doc/go1.15.html b/doc/go1.15.html index 0cbc9be60d..42687a4741 100644 --- a/doc/go1.15.html +++ b/doc/go1.15.html @@ -386,6 +386,23 @@ Do not send CLs removing the interior tags from such phrases. documentation for more information.

+

X.509 CommonName deprecation

+ +

+ The deprecated, legacy behavior of treating the CommonName + field on X.509 certificates as a host name when no Subject Alternative Names + are present is now disabled by default. It can be temporarily re-enabled by + adding the value x509ignoreCN=0 to the GODEBUG + environment variable. +

+ +

+ Note that if the CommonName is an invalid host name, it's always + ignored, regardless of GODEBUG settings. Invalid names include + those with any characters other than letters, digits, hyphens and underscores, + and those with empty labels or trailing dots. +

+

Minor changes to the library
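
Review bot: In the second added paragraph, the list of allowed characters ("letters, digits, hyphens and underscores") leaves out the dot that separates labels, while the same sentence goes on to mention "empty labels or trailing dots". Read literally, any multi-label host name would count as invalid. Suggest describing these as the characters allowed within each label. Separately, in the first added paragraph, "temporarily re-enabled" does not say how long x509ignoreCN=0 will stay available. Either state that, or tell readers to reissue affected certificates with Subject Alternative Names instead of relying on the GODEBUG setting.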

@@ -523,15 +540,6 @@ Do not send CLs removing the interior tags from such phrases. certificates with trailing dots.

-

- The deprecated, legacy behavior of treating the CommonName - field as a hostname when no Subject Alternative Names are present is now - disabled by default. It can be temporarily re-enabled by adding the value - x509ignoreCN=0 to the GODEBUG environment - variable. If the CommonName is an invalid hostname, it's - always ignored. -

-

The new CreateRevocationList function and RevocationList type
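
Review bot: With this paragraph removed, this part of the minor-changes list goes from "certificates with trailing dots." straight to the CreateRevocationList item, so it no longer mentions the CommonName behavior at all. A reader who jumps straight to the package's entry will miss a default that can break verification of certificates without Subject Alternative Names. Consider keeping a one-sentence pointer here to the new "X.509 CommonName deprecation" section. The removed text also spelled it "hostname" where the new section uses "host name", so it is worth checking which spelling the rest of the document uses.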