From 074f2d800f2c7b741a080081cfcc5295b375b23d Mon Sep 17 00:00:00 2001 From: Filippo Valsorda Date: Fri, 17 Jul 2020 03:52:23 -0400 Subject: [PATCH] doc/go1.15: surface the crypto/x509 CommonName deprecation note Updates #39568 Updates #37419 Updates #24151 Change-Id: I44c940e09e26a039076396bbfecb2b1574197cf7 Reviewed-on: https://go-review.googlesource.com/c/go/+/243221 Reviewed-by: Kevin Burke --- doc/go1.15.html | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/doc/go1.15.html b/doc/go1.15.html index 0cbc9be60d..42687a4741 100644 --- a/doc/go1.15.html +++ b/doc/go1.15.html @@ -386,6 +386,23 @@ Do not send CLs removing the interior tags from such phrases. documentation for more information.

+

X.509 CommonName deprecation

+ +

+ The deprecated, legacy behavior of treating the CommonName + field on X.509 certificates as a host name when no Subject Alternative Names + are present is now disabled by default. It can be temporarily re-enabled by + adding the value x509ignoreCN=0 to the GODEBUG + environment variable. +

+ +

+ Note that if the CommonName is an invalid host name, it's always + ignored, regardless of GODEBUG settings. Invalid names include + those with any characters other than letters, digits, hyphens and underscores, + and those with empty labels or trailing dots. +

+

Minor changes to the library

@@ -523,15 +540,6 @@ Do not send CLs removing the interior tags from such phrases. certificates with trailing dots.

-

- The deprecated, legacy behavior of treating the CommonName - field as a hostname when no Subject Alternative Names are present is now - disabled by default. It can be temporarily re-enabled by adding the value - x509ignoreCN=0 to the GODEBUG environment - variable. If the CommonName is an invalid hostname, it's - always ignored. -

-

The new CreateRevocationList function and RevocationList type
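Review bot: In the first hunk (@@ -386), the second added paragraph defines invalid names as "those with any characters other than letters, digits, hyphens and underscores". Read literally, that excludes the dot that separates labels, so every multi-label host name would count as invalid, yet the same sentence goes on to mention "empty labels or trailing dots". Suggest scoping the character rule to labels, for example "those with labels containing any characters other than letters, digits, hyphens and underscores". The first added paragraph also says the behavior can be "temporarily re-enabled" with x509ignoreCN=0 but does not say how long the override stays available. Since the point of the section is to surface the deprecation, say when or under what condition the setting goes away, so operators plan to reissue certificates with Subject Alternative Names instead of relying on GODEBUG.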
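Review bot: In the second hunk (@@ -523), the CommonName paragraph is deleted from between the trailing-dots and CreateRevocationList paragraphs with nothing left in its place, so a reader who scans this per-package part of the notes sees those two items but not the change most likely to break certificate verification on upgrade. Suggest keeping a one-sentence pointer at this spot to the new "X.509 CommonName deprecation" section rather than removing the entry outright. The removed wording used "hostname" while the added section uses "host name"; a pointer left here should follow the new spelling for consistency.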