mirror
/
go
mirror of https://github.com/golang/go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc/go1.18: add crypto/x509 verifier notes 

Change-Id: If3e835e868ae695ba232b57096c135ce2e73305b
Reviewed-on: https://go-review.googlesource.com/c/go/+/365835
Trust: Roland Shoemaker <roland@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
This commit is contained in:
Roland Shoemaker 2021-11-19 14:32:49 -08:00 committed by Filippo Valsorda
parent f9b761aa76
commit 0003d9da09
1 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
doc/go1.18.html
View File

@ -662,6 +662,46 @@ Do not send CLs removing the interior tags from such phrases.
</dd> </dd>
</dl><!-- crypto/tls --> </dl><!-- crypto/tls -->
<dl id="crypto/x509"><dt><a href="/pkg/crypto/x509">crypto/x509</a></dt>
<dd>
<p><!-- CL 353132, CL 353403 -->
<a href="/pkg/crypto/x509/#Certificate.Verify"><code>Certificate.Verify</code></a>
now uses platform APIs to verify certificate validity on macOS and iOS when it
is called with a nil
<a href="/pkg/crypto/x509/#VerifyOpts.Roots"><code>VerifyOpts.Roots</code></a>
or when using the root pool returned from
<a href="/pkg/crypto/x509/#SystemCertPool"><code>SystemCertPool</code></a>.
</p>
<p><!-- CL 353589 -->
<a href="/pkg/crypto/x509/#SystemCertPool"><code>SystemCertPool</code></a>
is now available on Windows.
</p>
<p>
On Windows, macOS, and iOS, when a
<a href="/pkg/crypto/x509/#CertPool"><code>CertPool</code></a> returned by
<a href="/pkg/crypto/x509/#SystemCertPool"><code>SystemCertPool</code></a>
has additional certificates added to it,
<a href="/pkg/crypto/x509/#Certificate.Verify"><code>Certificate.Verify</code></a>
will do two verifications: one using the platform verifier APIs and the
system roots, and one using the Go verifier and the additional roots.
Chains returned by the platform verifier APIs will be prioritized.
</p>
<p>
<a href="/pkg/crypto/x509/#CertPool.Subjects"><code>CertPool.Subjects</code></a>
is deprecated. On Windows, macOS, and iOS the
<a href="/pkg/crypto/x509/#CertPool"><code>CertPool</code></a> returned by
<a href="/pkg/crypto/x509/#SystemCertPool"><code>SystemCertPool</code></a>
will return a pool which does not include system roots in the slice
returned by <code>Subjects</code>, as a static list can't appropriately
represent the platform policies and might not be available at all from the
platform APIs.
</p>
</dd>
</dl>
<dl id="debug/dwarf"><dt><a href="/pkg/debug/dwarf/">debug/dwarf</a></dt> <dl id="debug/dwarf"><dt><a href="/pkg/debug/dwarf/">debug/dwarf</a></dt>
<dd> <dd>
<p><!-- CL 380714 --> <p><!-- CL 380714 -->