[go/release-branch.go1.25] [release-branch.go1.25] crypto/x509: fix wildcard domain exclusions.
0 views
Skip to first unread message
Carlos Amedee (Gerrit)
12:37 PM (7 hours ago) 12:37 PM
to Rudolf Polzer, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, Go LUCI, Roland Shoemaker, Filippo Valsorda, Daniel McCarney, Gopher Robot, golang-co...@googlegroups.com
Carlos Amedee submitted the change![]( "Open in Gerrit")
Unreviewed changes
2 is the latest approved patch-set.
No files were changed between the latest approved patch-set and the submitted one.
Change information
Commit message:
[release-branch.go1.25] crypto/x509: fix wildcard domain exclusions.
This fixes the case of an exclusion of bar.com being applied to a
certificate for *.foo.com. When only applying the test change, this
error shows the issue:
--- FAIL: TestConstraintCases/#99 (0.00s)
name_constraints_test.go:2198: unexpected failure: x509: a root or intermediate certificate is not authorized to sign for this name: DNS name "*.bar.example.com" is excluded by constraint "foo.example.com"
See change I60fba0d635f23d53f2146cb64b9f6a29755712e3 for a matching
change to master to just add the test cases (which are already passing
there and in Go 1.26).
Found as part of https://issues.chromium.org/issues/488306305.
Fixes #77968
Change-Id: I747e51edc16c1111f6a114de33af35f618793c90
Reviewed-on: https://go-review.googlesource.com/c/go/+/750980
Reviewed-by: Roland Shoemaker <rol...@golang.org>
LUCI-TryBot-Result: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>
Files:
- M src/crypto/x509/name_constraints_test.go
- M src/crypto/x509/verify.go
Change size: M
Delta: 2 files changed, 187 insertions(+), 2 deletions(-)
Branch: refs/heads/release-branch.go1.25
Submit Requirements:
Code-Review: +2 by Roland Shoemaker
TryBots-Pass: LUCI-TryBot-Result+1 by Go LUCI
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages