1
0
mirror of https://github.com/golang/go synced 2024-11-23 13:00:07 -07:00
The Go programming language
Go to file
Filippo Valsorda eb93c684d4 crypto/tls: select only compatible chains from Certificates
Now that we have a full implementation of the logic to check certificate
compatibility, we can let applications just list multiple chains in
Certificates (for example, an RSA and an ECDSA one) and choose the most
appropriate automatically.

NameToCertificate only maps each name to one chain, so simply deprecate
it, and while at it simplify its implementation by not stripping
trailing dots from the SNI (which is specified not to have any, see RFC
6066, Section 3) and by not supporting multi-level wildcards, which are
not a thing in the WebPKI (and in crypto/x509).

The performance of SupportsCertificate without Leaf is poor, but doesn't
affect current users. For now document that, and address it properly in
the next cycle. See #35504.

While cleaning up the Certificates/GetCertificate/GetConfigForClient
behavior, also support leaving Certificates/GetCertificate nil if
GetConfigForClient is set, and send unrecognized_name when there are no
available certificates.

Fixes #29139
Fixes #18377

Change-Id: I26604db48806fe4d608388e55da52f34b7ca4566
Reviewed-on: https://go-review.googlesource.com/c/go/+/205059
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
2019-11-12 01:08:57 +00:00
.github .github: don't render author-facing text in ISSUE_TEMPLATE 2018-11-02 04:47:34 +00:00
api unicode: upgrade to Unicode 12 2019-11-05 14:34:56 +00:00
doc doc: document new math.Fma function 2019-11-07 21:59:39 +00:00
lib/time lib/time: update tz data to 2019b 2019-07-03 23:08:27 +00:00
misc misc: ensure that test overlay directories are writable 2019-11-11 17:59:46 +00:00
src crypto/tls: select only compatible chains from Certificates 2019-11-12 01:08:57 +00:00
test runtime: fix line number for faulting instructions 2019-11-08 21:05:17 +00:00
.gitattributes
.gitignore
AUTHORS A+C: change email address for Akhil Indurti 2019-09-09 15:30:38 +00:00
CONTRIBUTING.md all: restore changes from faulty merge/revert 2018-02-12 20:13:59 +00:00
CONTRIBUTORS C: update email address for utkarsh-extc 2019-10-03 12:39:06 +00:00
favicon.ico
LICENSE
PATENTS
README.md README: linkify some paths 2018-06-06 18:07:01 +00:00
robots.txt
SECURITY.md SECURITY.md: update go versions 2019-09-26 15:34:57 +00:00

The Go Programming Language

Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.

Gopher image Gopher image by Renee French, licensed under Creative Commons 3.0 Attributions license.

Our canonical Git repository is located at https://go.googlesource.com/go. There is a mirror of the repository at https://github.com/golang/go.

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Download and Install

Binary Distributions

Official binary distributions are available at https://golang.org/dl/.

After downloading a binary release, visit https://golang.org/doc/install or load doc/install.html in your web browser for installation instructions.

Install From Source

If a binary distribution is not available for your combination of operating system and architecture, visit https://golang.org/doc/install/source or load doc/install-source.html in your web browser for source installation instructions.

Contributing

Go is the work of thousands of contributors. We appreciate your help!

To contribute, please read the contribution guidelines: https://golang.org/doc/contribute.html

Note that the Go project uses the issue tracker for bug reports and proposals only. See https://golang.org/wiki/Questions for a list of places to ask questions about the Go language.