mirror of
https://github.com/golang/go
synced 2024-11-08 02:36:18 -07:00
95c5ec67ea
Trailing dots are not allowed in certificate fields like CN and SANs (while they are allowed and ignored as inputs to verification APIs). Move to considering names with trailing dots in certificates as invalid hostnames. Following the rule of CL 231378, these invalid names lose wildcard processing, but can still match if there is a 1:1 match, trailing dot included, with the VerifyHostname input. They also become ignored Common Name values regardless of the GODEBUG=x509ignoreCN=X value, because we have to ignore invalid hostnames in Common Name for #24151. The error message automatically accounts for this, and doesn't suggest the environment variable. You don't get to use a legacy deprecated field AND invalid hostnames. (While at it, also consider wildcards in VerifyHostname inputs as invalid hostnames, not that it should change any observed behavior.) Change-Id: Iecdee8927df50c1d9daf904776b051de9f5e76ad Reviewed-on: https://go-review.googlesource.com/c/go/+/231380 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> |
||
|---|---|---|
| .. | ||
| aes | ||
| cipher | ||
| des | ||
| dsa | ||
| ecdsa | ||
| ed25519 | ||
| elliptic | ||
| hmac | ||
| internal | ||
| md5 | ||
| rand | ||
| rc4 | ||
| rsa | ||
| sha1 | ||
| sha256 | ||
| sha512 | ||
| subtle | ||
| tls | ||
| x509 | ||
| crypto.go | ||
| issue21104_test.go | ||