From: Filippo Valsorda <filippo@golang.org>
Date: Mon, 9 Nov 2020 13:00:09 +0000 (+0100)
Subject: crypto/x509: use fingerprint map for (*CertPool).contains
X-Git-Tag: go1.16beta1~289
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=feccfb8adaf5a0ce93a0dafa31336ccb6f41c618;p=gostls13.git

crypto/x509: use fingerprint map for (*CertPool).contains

This fell through the cracks from the CL 229917 comments.

Change-Id: I22584107f1e8111f9c523f45307dd50e1e5f4b8f
Reviewed-on: https://go-review.googlesource.com/c/go/+/268339
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
---

diff --git a/src/crypto/x509/cert_pool.go b/src/crypto/x509/cert_pool.go
index c23ccf1b39..bcc5db3b70 100644
--- a/src/crypto/x509/cert_pool.go
+++ b/src/crypto/x509/cert_pool.go
@@ -161,18 +161,7 @@ func (s *CertPool) contains(cert *Certificate) bool {
 	if s == nil {
 		return false
 	}
-	candidates := s.byName[string(cert.RawSubject)]
-	for _, i := range candidates {
-		c, err := s.cert(i)
-		if err != nil {
-			return false
-		}
-		if c.Equal(cert) {
-			return true
-		}
-	}
-
-	return false
+	return s.haveSum[sha256.Sum224(cert.Raw)]
 }
 
 // AddCert adds a certificate to a pool.