
crypto/x509: fix behaviour of KeyUsageAny.

(Reporter wasn't able to provide a certificate chain that uses this
feature for testing.)

Fixes #6831

R=golang-dev, bradfitz, r
CC=golang-dev
https://golang.org/cl/40340043
Adam Langley 2013-12-10 14:06:26 -05:00
parent de8549dfd3
commit ddbad5ef20


@ -425,6 +425,7 @@ func checkChainForKeyUsage(chain []*Certificate, keyUsages []ExtKeyUsage) bool {
// by each certificate. If we cross out all the usages, then the chain // by each certificate. If we cross out all the usages, then the chain
// is unacceptable. // is unacceptable.
NextCert:
for i := len(chain) - 1; i >= 0; i-- { for i := len(chain) - 1; i >= 0; i-- {
cert := chain[i] cert := chain[i]
if len(cert.ExtKeyUsage) == 0 && len(cert.UnknownExtKeyUsage) == 0 { if len(cert.ExtKeyUsage) == 0 && len(cert.UnknownExtKeyUsage) == 0 {
@ -435,7 +436,7 @@ func checkChainForKeyUsage(chain []*Certificate, keyUsages []ExtKeyUsage) bool {
for _, usage := range cert.ExtKeyUsage { for _, usage := range cert.ExtKeyUsage {
if usage == ExtKeyUsageAny { if usage == ExtKeyUsageAny {
// The certificate is explicitly good for any usage. // The certificate is explicitly good for any usage.
continue continue NextCert
} }
} }
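Review bot: The new `continue NextCert` in the `usage == ExtKeyUsageAny` branch lands without a regression test, and a real certificate chain is not needed to write one. In the visible lines checkChainForKeyUsage reads only `ExtKeyUsage` and `UnknownExtKeyUsage`, so a hand-built value such as `chain := []*Certificate{{ExtKeyUsage: []ExtKeyUsage{ExtKeyUsageAny}}}` passed with `[]ExtKeyUsage{ExtKeyUsageServerAuth}` should presumably return true. A second case with a certificate that lists only a non-matching usage should still return false, which pins that the label skips just the certificate carrying ExtKeyUsageAny. The rest of the function is outside the hunk, so both expected results need confirming against the full body. I would also put a short comment on the label, for example `// NextCert: skip the remaining usage checks for a certificate that allows any usage`, because the old bare `continue` only advanced the inner loop and that is easy to reintroduce.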