The key/value format of X.500 names means that it's possible to encode
a name with multiple values for, say, organisation. RFC5280
doesn't seem to consider this, but there are Verisign root
certificates which do this and, in order to find the correct
root certificate in some cases, we need to handle it.
Also, CA certificates should set the CA flag and we now check
this. After looking at the other X.509 extensions it appears
that they are universally ignored/bit rotted away so we ignore
them.
R=rsc
CC=golang-dev
https://golang.org/cl/2249042
asn1: add support for T61String because this is the string type which
several www.google.com certificates are now using for fields like
CommonName
tls: force a handshake in Dial so that certificates are ready
afterwards.
Fixes#1114.
R=rsc
CC=golang-dev
https://golang.org/cl/2216043
This changeset implements client certificate support in crypto/tls
for both handshake_server.go and handshake_client.go
The updated server implementation sends an empty CertificateAuthorities
field in the CertificateRequest, thus allowing clients to send any
certificates they wish. Likewise, the client code will only respond
with its certificate when the server requests a certificate with this
field empty.
R=agl, rsc, agl1
CC=golang-dev
https://golang.org/cl/1975042
RFC 5280, 4.2.1.2 says:
SubjectKeyIdentifier ::= KeyIdentifier
KeyIdentifier ::= OCTET STRING
Previously, we were failing to unwrap the second level of OCTET STRING
encoding.
Fixes#993.
R=rsc
CC=golang-dev
https://golang.org/cl/1917044
SNI (Server Name Indication) is a way for a TLS client to
indicate to the server which name it knows the server by. This
allows the server to have several names and return the correct
certificate for each (virtual hosting).
PeerCertificates returns the list of certificates presented by
server.
R=r
CC=golang-dev
https://golang.org/cl/1741053
OCSP is the preferred X.509 revocation mechanism. X.509 certificates
can contain a URL from which can be fetched a signed response saying
"this certificate is valid until $x" (where $x is usually 7 days in the
future). These are called OCSP responses and they can also be included
in the TLS handshake itself ("OCSP stapling")
R=rsc, r
CC=golang-dev
https://golang.org/cl/1875043
For generating non-self-signed certs we need to be able to specify a
public key (for the signee) which is different from the private key (of
the signer).
R=rsc
CC=golang-dev
https://golang.org/cl/1741045
- renamed Len -> BitLen, simplified implementation
- renamed old Div, Mod, DivMod -> Que, Rem, QuoRem
- implemented Div, Mod, DivMod (Euclidian definition, more
useful in a mathematical context)
- fixed a bug in Exp (-0 was possible)
- added extra tests to check normalized results everywhere
- uniformly set Int.neg flag at the end of computations
- minor cosmetic cleanups
- ran all tests
R=rsc
CC=golang-dev
https://golang.org/cl/1091041
note that sortmain.go has been run through hg gofmt;
only the formatting of the day initializers changed.
i'm happy to revert that formatting if you'd prefer.
stop on error in doc/progs/run
R=r
CC=golang-dev
https://golang.org/cl/850041
Previously we would require safe primes for our RSA key generation.
Since this took rather a long time, this removes the requirement that
the primes be safe.
OpenSSL doesn't use safe primes for RSA key generation either
(openssl-0.9.8l/crypto/rsa/rsa_gen.c:122)
Fixes#649.
R=rsc
CC=golang-dev
https://golang.org/cl/253041
- only manual changes are in src/pkg/go/printer/nodes.go
- use a heuristic to determine "outliers" such that not entire composites are
forced to align with them
- improves several places that were not unligned before due too simple heuristic
- unalignes some cases that contain "outliers"
- gofmt -w src misc
Fixes#644.
R=rsc, r
CC=golang-dev
https://golang.org/cl/241041
Marshalling:
* Fixes several silly bugs.
* Support the RawContents type.
* Support the RawValue type.
* Recurse into nested interface{}.
Both directions:
* Better handling of SETs. You can now tag an element in a
structure with "set" to get the correct tag for serialisation.
* For types that aren't in a structure, you can now name them
with "SET" on the end.
* SETs are no longer implicitly treated as SEQUENCEs.
R=rsc
CC=golang-dev
https://golang.org/cl/201049
(I was looking at this code accidentally because of some gofmt
issues and thought that one could write this more effectively.
You may have deliberately chosen not to use ranges here to make
the index range clearer. Just let me know.)
R=agl, agl1
CC=golang-dev
https://golang.org/cl/181084
Listener contains private members and 6g now enforces that private
members cannot be assigned outside of their package.
R=rsc
CC=golang-dev
https://golang.org/cl/183073