mirror of
https://github.com/golang/go
synced 2024-11-23 14:10:05 -07:00
crypto/x509: fix behaviour of KeyUsageAny.
(Reporter wasn't able to provide a certificate chain that uses this feature for testing.) Fixes #6831 R=golang-dev, bradfitz, r CC=golang-dev https://golang.org/cl/40340043
This commit is contained in:
parent
de8549dfd3
commit
ddbad5ef20
@ -425,6 +425,7 @@ func checkChainForKeyUsage(chain []*Certificate, keyUsages []ExtKeyUsage) bool {
|
||||
// by each certificate. If we cross out all the usages, then the chain
|
||||
// is unacceptable.
|
||||
|
||||
NextCert:
|
||||
for i := len(chain) - 1; i >= 0; i-- {
|
||||
cert := chain[i]
|
||||
if len(cert.ExtKeyUsage) == 0 && len(cert.UnknownExtKeyUsage) == 0 {
|
||||
@ -435,7 +436,7 @@ func checkChainForKeyUsage(chain []*Certificate, keyUsages []ExtKeyUsage) bool {
|
||||
for _, usage := range cert.ExtKeyUsage {
|
||||
if usage == ExtKeyUsageAny {
|
||||
// The certificate is explicitly good for any usage.
|
||||
continue
|
||||
continue NextCert
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user