Fork of golang.org/x/crypto with my patches. http://git.kilabit.info/go-x-crypto/atom?h=v0.41.0 2025-08-07T17:21:04Z 2025-08-07T17:21:04Z Gopher Robot gobot@golang.org 2025-08-07T16:08:13Z urn:sha1:ef5341b70697ceb55f904384bd982587224e8b0c Update golang.org/x dependencies to their latest tagged versions. Change-Id: I93de641462a54b0ae565bb60e2a0e6e7c2c3b883 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/693999 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: David Chase <drchase@google.com> 2025-08-06T20:33:03Z Daniel McCarney daniel@binaryparadox.net 2025-08-06T16:43:58Z urn:sha1:b999374650442ee37e9bbd97d6a11ad7ed999b98 Wait for process completion before reading stdout/stderr buffers to eliminate race between I/O Go routines and test cleanup. Updates golang/go#74437 Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-linux-amd64-longtest-race Change-Id: I2e650c04db5be0d7a1e858ce40e25f13ad12223c Reviewed-on: https://go-review.googlesource.com/c/crypto/+/693596 Auto-Submit: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> 2025-08-03T19:47:17Z Mateusz Poliwczak mpoliwczak34@gmail.com 2025-05-25T14:41:48Z urn:sha1:c247dead11de7671a21a6c5169555e2aa5313caa goos: linux goarch: amd64 pkg: golang.org/x/crypto/x509roots/fallback cpu: AMD Ryzen 5 4600G with Radeon Graphics │ /tmp/before │ /tmp/after │ │ sec/op │ sec/op vs base │ InitTime-12 1.726m ± 0% 1.101m ± 1% -36.20% (p=0.000 n=30) │ /tmp/before │ /tmp/after │ │ B/op │ B/op vs base │ InitTime-12 1178.2Ki ± 0% 779.8Ki ± 0% -33.81% (p=0.000 n=30) │ /tmp/before │ /tmp/after │ │ allocs/op │ allocs/op vs base │ InitTime-12 11.35k ± 0% 10.64k ± 0% -6.32% (p=0.000 n=30) Updates golang/go#73691 Change-Id: Ic33f2fdfc65001c41afeb3b6af8a383288d10de6 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/676217 Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Mark Freeman <mark@golang.org> 2025-08-01T15:44:22Z Daniel McCarney daniel@binaryparadox.net 2025-07-31T17:53:34Z urn:sha1:1fda73153feef7b246f24005838c387e354e5e3b In CI it seems that occasionally we can't connect to the test servers within 10 tries, and the test flakes. Let's give the process more attempts. Updates golang/go#74437 Change-Id: I74d6cea83468a3a572ec4b52ff7314c778c664cf Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-linux-amd64-longtest Reviewed-on: https://go-review.googlesource.com/c/crypto/+/692075 Auto-Submit: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Mark Freeman <mark@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> 2025-07-30T23:29:44Z Gopher Robot gobot@golang.org 2025-07-14T16:00:58Z urn:sha1:1b4c3d2e8c8be172c6af8f2f72778e69e74d2e78 This is an automated CL which updates the NSS root bundle. [git-generate] go generate ./x509roots Change-Id: Ib30b702d41dedacce835628a9dab456098be0703 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/687895 Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> 2025-07-11T19:27:10Z Daniel McCarney daniel@binaryparadox.net 2025-07-09T18:08:52Z urn:sha1:b903b535d3ef82fab12a9cc0fa50fccc396ced55 When spawning the pebble and pebble-challtestserv processes redirect stdout/stderr to bytes.Buffer instances and print their content at test end as appropriate. The stdout/stderr content for each process is printed if the test failed, or if testing is being done in verbose mode. Otherwise the output is swallowed. This makes debugging test failures much easier as output from the subprocesses from independent tests isn't intermingled. Updates golang/go#74437 Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-linux-amd64-longtest Change-Id: Ia79a3609ce3522ef6248442de247554c39367162 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/686935 Auto-Submit: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Carlos Amedee <carlos@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> 2025-07-10T17:21:43Z Gopher Robot gobot@golang.org 2025-07-09T21:06:42Z urn:sha1:459a9db11b9c43bb1d61722bfd371751d6de05c9 Update golang.org/x dependencies to their latest tagged versions. Change-Id: I3a89b1890ad2f7d2b2c23e1efce60c19e43dd381 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/687017 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: David Chase <drchase@google.com> 2025-07-09T15:43:26Z Nicola Murino nicola.murino@gmail.com 2024-01-27T18:29:59Z urn:sha1:74e709ad8a8068445173aa5f3e8d7c89caf510c3 Fixes golang/go#61536 Change-Id: Id38cc6d46879dbe2bdea04dec061596387ec6cfe Reviewed-on: https://go-review.googlesource.com/c/crypto/+/559056 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: David Chase <drchase@google.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Carlos Amedee <carlos@golang.org> 2025-06-30T19:50:50Z Daniel McCarney daniel@binaryparadox.net 2025-05-30T16:42:24Z urn:sha1:b3790b8d914304c8187dc2c86800101c329d77cd When creating a TLS-ALPN-01 challenge response certificate for an IP address identifier we need to configure the template IPAddresses field, not the DNSNames/Subject.CommonName. Along the way we can do some small tidying: * Updating the draft TLS-ALPN-01 reference to the finalized RFC * Adding a reference to the IP address identifier ACME RFC * Adding a mention of the form the challenge validation request's SNI will take when verifying an IP address identifier * Tidying the private tlsChallengeCert() function to take a single identifier as arg since the only call-sites provide singular values since the removal of the TLS-SNI-[01|02] challenge helpers. This allows enabling an IP address identifier in the Pebble integration tests that otherwise caused a validation failure for TLS-ALPN-01 challenge types because the IP address was used as a DNS SAN. Updates golang/go#73914 Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-linux-amd64-longtest Change-Id: Ic671e41b585f424f821db65206c7ffcc6dd386a0 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/677576 Reviewed-by: Ian Stapleton Cordasco <graffatcolmingov@gmail.com> Auto-Submit: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> 2025-06-30T16:51:57Z Daniel McCarney daniel@binaryparadox.net 2025-05-29T18:34:34Z urn:sha1:1dc4269656dd23b2c4e71c51b8af6bc2b63eecb7 This commit adds integration test coverage for a complete TLS-ALPN-01 and HTTP-01 based issuance flow. For each tested challenge type we: * Spin up a pebble/pebble-challtestsrv environment * Spin up a small challenge response server * Create an ACME account * Create an order for multiple DNS type identifiers * Provision challenge responses based on the challenge type under test * Wait for the order to become ready for issuance * Finalize the order, issuing a certificate * Check the newly issued certificate chain validates with the Pebble trust anchor, and that the certificate is valid for each of the names from our initial order These tests are skipped in short mode (Pebble has variable delays for validation requests). The Pebble source is fetched through the Go module proxy (unless a local directory is specified to aid development), similar to how the stdlib crypto packages fetch BoGo tooling. More test coverage for various other parts of the protocol (key rollover, account/authz deactivation, revocation, etc) can be added as follow-up work now that the groundwork for integration testing is laid. Fixes golang/go#73914 Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-linux-amd64-longtest Change-Id: I4e79f4858f31ef290a0c91d345e15fbdc510e9ab Reviewed-on: https://go-review.googlesource.com/c/crypto/+/677575 Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Ian Stapleton Cordasco <graffatcolmingov@gmail.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>