From: Adam Langley Date: Tue, 10 Dec 2013 19:06:26 +0000 (-0500) Subject: crypto/x509: fix behaviour of KeyUsageAny. X-Git-Tag: go1.3beta1~1271 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=ddbad5ef207709ef4fed07e1deba585428588c63;p=gostls13.git crypto/x509: fix behaviour of KeyUsageAny. (Reporter wasn't able to provide a certificate chain that uses this feature for testing.) Fixes #6831 R=golang-dev, bradfitz, r CC=golang-dev https://golang.org/cl/40340043 --- diff --git a/src/pkg/crypto/x509/verify.go b/src/pkg/crypto/x509/verify.go index 8327463ca8..5fd8e37174 100644 --- a/src/pkg/crypto/x509/verify.go +++ b/src/pkg/crypto/x509/verify.go @@ -425,6 +425,7 @@ func checkChainForKeyUsage(chain []*Certificate, keyUsages []ExtKeyUsage) bool { // by each certificate. If we cross out all the usages, then the chain // is unacceptable. +NextCert: for i := len(chain) - 1; i >= 0; i-- { cert := chain[i] if len(cert.ExtKeyUsage) == 0 && len(cert.UnknownExtKeyUsage) == 0 { @@ -435,7 +436,7 @@ func checkChainForKeyUsage(chain []*Certificate, keyUsages []ExtKeyUsage) bool { for _, usage := range cert.ExtKeyUsage { if usage == ExtKeyUsageAny { // The certificate is explicitly good for any usage. - continue + continue NextCert } }