go/src
Filippo Valsorda 4f9ec2c756 crypto/x509: ignore Common Name when it does not parse as a hostname
The Common Name is used as a hostname when there are no Subject
Alternative Names, but it is not restricted by name constraints. To
protect against a name constraints bypass, we used to require SANs for
constrained chains. See the NameConstraintsWithoutSANs error.

This change ignores the CN when it does not look like a hostname, so we
can avoid returning NameConstraintsWithoutSANs.

This makes it possible to validate certificates with non-hostname CN
against chains that use name constraints to disallow all names, like the
Estonian IDs.

Updates #24151

Change-Id: I798d797990720a01ad9b5a13336756cc472ebf44
Reviewed-on: https://go-review.googlesource.com/123355
Reviewed-by: Adam Langley <agl@golang.org>
2018-07-16 19:30:08 +00:00
archive archive/zip: warn about FileHeader.Name being unvalidated on read 2018-06-13 21:57:41 +00:00
bufio bufio: clarify SplitFunc docs for nil token 2018-06-13 21:43:06 +00:00
builtin
bytes bytes, strings: fix comparison of long byte slices on s390x 2018-06-29 20:48:07 +00:00
cmd cmd/cgo: add note about bug writing C pointers to uninitialized C memory 2018-07-16 17:27:35 +00:00
compress all: update comment URLs from HTTP to HTTPS, where possible 2018-06-01 21:52:00 +00:00
container
context context: add docs to ExampleWithValue 2018-06-12 22:33:54 +00:00
crypto crypto/x509: ignore Common Name when it does not parse as a hostname 2018-07-16 19:30:08 +00:00
database/sql database/sql: update doc related to per-connection state 2018-06-06 18:18:20 +00:00
debug debug/elf,macho,pe: support compressed DWARF 2018-06-19 22:13:51 +00:00
encoding encoding/gob: correct issue number typo in comment 2018-06-13 05:33:59 +00:00
errors
expvar
flag flag: add a Value example 2018-06-21 23:32:53 +00:00
fmt
go go/types: record type information after detecting error 2018-07-12 22:12:51 +00:00
hash all: update comment URLs from HTTP to HTTPS, where possible 2018-06-01 21:52:00 +00:00
html html/template: ignore untyped nil arguments to default escapers 2018-07-09 21:54:35 +00:00
image all: clean up some Deprecated comments 2018-07-06 17:40:56 +00:00
index/suffixarray index/suffixarray: fix a typo mistake in comments 2018-05-29 12:16:51 +00:00
internal doc: update the minimum support Windows version 2018-07-11 22:05:38 +00:00
io io: calculate buffer size only when needed 2018-05-06 15:52:31 +00:00
log log/syslog: skip tests that depend on daemon on builders 2018-05-22 18:26:03 +00:00
math math/big: handle negative exponents in Exp 2018-06-14 22:26:30 +00:00
mime mime/quotedprintable: accept bytes >= 0x80 2018-06-27 17:00:08 +00:00
net net/http: don't cancel Request.Context on pipelined Server requests 2018-07-13 23:44:42 +00:00
os os/exec: document ExtraFiles is not supported on windows 2018-07-13 22:29:48 +00:00
path os: add js/wasm architecture 2018-06-01 05:18:38 +00:00
plugin plugin: make stub lookup signature match dlopen version 2018-05-08 17:09:05 +00:00
reflect reflect: remove struct tags from unexported types 2018-06-28 23:06:00 +00:00
regexp regexp: reword Match documentation to be more like Find 2018-07-13 18:52:46 +00:00
runtime runtime/pprof: add a fake mapping when /proc/self/maps is unavailable 2018-07-16 15:24:25 +00:00
sort all: update comment URLs from HTTP to HTTPS, where possible 2018-06-01 21:52:00 +00:00
strconv strconv: add missing period to godoc comment 2018-06-09 01:26:25 +00:00
strings strings: do much less redundant testing in TestCompareStrings 2018-07-02 14:39:29 +00:00
sync cmd/vet,sync: check lock values more precisely 2018-07-14 06:48:21 +00:00
syscall syscall: convert Windows AddrinfoW.Addr from uintptr to syscall.Pointer 2018-07-12 15:36:15 +00:00
testing testing/cover: improve comments on CoverBlock 2018-07-01 08:07:47 +00:00
text html/template: ignore untyped nil arguments to default escapers 2018-07-09 21:54:35 +00:00
time time: fix typo in Truncate example 2018-07-12 15:01:16 +00:00
unicode unicode: fix SpecialCase to follow its docs & respect explicit no-op mappings 2018-06-17 08:48:39 +00:00
unsafe
vendor/golang_org/x vendor: update vendored x/net/http/httpproxy 2018-07-09 19:35:21 +00:00
Make.dist
all.bash
all.bat
all.rc
androidtest.bash
bootstrap.bash
buildall.bash
clean.bash
clean.bat
clean.rc
cmp.bash
iostest.bash
make.bash make.bash: don't pass GOOS and GOARCH to cmd/go when finding GOROOT_BOOTSTRAP 2018-06-20 16:04:33 +00:00
make.bat
make.rc
naclmake.bash
nacltest.bash
race.bash runtime/cgo: Add initial NetBSD Thread Sanitizer support 2018-07-10 23:14:31 +00:00
race.bat
run.bash
run.bat
run.rc