[go] crypto/x509: use netip.ParseAddr in VerifyHostname to handle zone-scoped IPv6

0 views
Skip to first unread message

Gopher Robot (Gerrit)

unread,
Jun 8, 2026, 1:38:06 PM (3 days ago) Jun 8
to Sravani Bhamidipaty, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, golang...@luci-project-accounts.iam.gserviceaccount.com, Daniel McCarney, Mark Freeman, Roland Shoemaker, Filippo Valsorda, golang-co...@googlegroups.com

Gopher Robot submitted the change

Change information

Commit message:
crypto/x509: use netip.ParseAddr in VerifyHostname for IPv6 zones

net.ParseIP returns nil for zone-scoped IPv6 addresses (e.g.
fe80::1%eth0), causing VerifyHostname to fall through to DNS name
matching instead of IP matching. Switch to netip.ParseAddr which
handles zone IDs correctly; AsSlice() returns the zone-free byte
representation for comparison against certificate SANs.

Fixes #79719
Change-Id: I47fa43838273d225b8e70eb6c68d5d5466b75e5f
Reviewed-by: Sravani Bhamidipaty <sravanibh...@gmail.com>
Reviewed-by: Roland Shoemaker <rol...@golang.org>
Auto-Submit: Daniel McCarney <dan...@binaryparadox.net>
Reviewed-by: Daniel McCarney <dan...@binaryparadox.net>
Reviewed-by: Mark Freeman <markf...@google.com>
Files:
  • M src/crypto/x509/verify.go
  • M src/crypto/x509/verify_test.go
Change size: S
Delta: 2 files changed, 41 insertions(+), 2 deletions(-)
Branch: refs/heads/master
Submit Requirements:
Open in Gerrit
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: merged
Gerrit-Project: go
Gerrit-Branch: master
Gerrit-Change-Id: I47fa43838273d225b8e70eb6c68d5d5466b75e5f
Gerrit-Change-Number: 785280
Gerrit-PatchSet: 5
Gerrit-Owner: Sravani Bhamidipaty <sravanibh...@gmail.com>
Gerrit-Reviewer: Daniel McCarney <dan...@binaryparadox.net>
Gerrit-Reviewer: Filippo Valsorda <fil...@golang.org>
Gerrit-Reviewer: Gopher Robot <go...@golang.org>
Gerrit-Reviewer: Mark Freeman <markf...@google.com>
Gerrit-Reviewer: Roland Shoemaker <rol...@golang.org>
Gerrit-Reviewer: Sravani Bhamidipaty <sravanibh...@gmail.com>
open
diffy
satisfied_requirement
Reply all
Reply to author
Forward
0 new messages