This moves the various CA root fetchers from crypto/tls into crypto/x509.
The move was brought about by issue 2997. Windows doesn't ship with all
its root certificates, but will instead download them as-needed when using
CryptoAPI for certificate verification.
This CL changes crypto/x509 to verify a certificate using the system root
CAs when VerifyOptions.RootCAs == nil. On Windows, this verification is
now implemented using Windows's CryptoAPI. All other root fetchers are
unchanged, and still use Go's own verification code.
The CL also fixes the hostname matching logic in crypto/tls/tls.go, in
order to be able to test whether hostname mismatches are honored by the
Windows verification code.
The move to crypto/x509 also allows other packages to use the OS-provided
root certificates, instead of hiding them inside the crypto/tls package.
Fixes#2997.
R=agl, golang-dev, alex.brainman, rsc, mikkel
CC=golang-dev
https://golang.org/cl/5700087
The compiler must be changed with the Set method
so that the buildToolchain gets updated too.
Fixes#3231.
R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/5768044
The old way to find a port was to listen :0 and then
look at what port it picked, close the listener, and then
immediately try to listen on that port.
On some Windows 7 machines that sequence fails at
the second listen, because the first one is still lingering
in the TCP/IP stack somewhere. (Ironically, most of these
are used in tests of a "second listen", which in this case
ends up being the third listen.)
Instead of this race, just return the listener from the
function, replacing usableLocalPort+Listen with
usableListenPort.
Fixes#3219.
R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/5769045
Does not actually test so files.
««« original CL description
misc/cgo: re-enable testso
Also enabled it for darwin.
R=rsc
CC=golang-dev
https://golang.org/cl/5754063
»»»
R=golang-dev, minux.ma, r, f
CC=golang-dev
https://golang.org/cl/5756075
I don't know what's out there, but something
is answering to 127.0.71.111:80 on our builder,
so use a different port.
Also insert a check that the dial fails, which
would have diagnosed this problem.
Fixes#3016.
R=golang-dev, mikioh.mikioh, r
CC=golang-dev
https://golang.org/cl/5754062
I don't know enough about multicast.
Should this be disabled on all systems, not just Windows?
R=golang-dev
CC=golang-dev
https://golang.org/cl/5754060
$ go run
go run: no go files listed
$ go run ../../pkg/math/bits.go
go run: cannot run non-main package
$
Fixes#3168.
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5755064
The last CL forgot the all-important 'backdoor' package.
Cgo-using packages compile .c files with gcc, but we want
to compile this one with 6c, so put it in a non-cgo package.
TBR=golang-dev
CC=golang-dev
https://golang.org/cl/5758063
By default the all.bash tests must not ever announce
on an external address. It's not just an OS X issue.
R=golang-dev, mikioh.mikioh
CC=golang-dev
https://golang.org/cl/5753067
About 10% for hello, world.
Maybe more reductions will come.
Also clarify that we're comparing printf against Printf
(gcc can optimize aggressively, making this a different
sort of comparison).
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5756070
We need a compact, reasonably efficient IsPrint. That adds about 2K of data,
plus a modest amount of code, but now strconv is a near-leaf package.
R=r, bradfitz, adg, rsc, minux.ma
CC=golang-dev
https://golang.org/cl/5756050
In order to land 5700087 (which moves the knowledge of how to get the
root certificates for the system from crypto/tls to crypto/x509), we
need to relax the restrictions on crypto/x509. Afterwards, we can
probably tighten them up in crypto/tls.
R=golang-dev, rsc, krautz
CC=golang-dev
https://golang.org/cl/5753060