authorRoland Shoemaker <roland@golang.org>2024-11-16 11:17:54 -0800
committerGopher Robot <gobot@golang.org>2024-11-22 01:28:52 +0000
commite8d95619978c4602d4446f113b3b69b7a22308fa (patch)
tree74114a1d081ffba199b7f9e77729590a014fc866 /api
parente06e29b9b4afbb30f5c77551ff8e6bdaafcf8e9b (diff)
downloadgo-e8d95619978c4602d4446f113b3b69b7a22308fa.tar.xz
crypto/x509: implement policy validation
Implement support for parsing the various policy related extensions, and for validating the policy graph for chains. Policy validation is only run if VerifyOptions.CertificatePolicies is set. Policy validation is run after chains are built. If the computed policy graph for a chain is invalid, the chain is removed from the set of returned chains. This implements the RFC 5280 algorithm as updated by RFC 9618 [0]. Fixes #68484 [0] https://www.rfc-editor.org/rfc/rfc9618.html Change-Id: I576432a47ddc404cba966c2b1995365944b8bd26 Reviewed-on: https://go-review.googlesource.com/c/go/+/628616 Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Diffstat (limited to 'api')
-rw-r--r--api/next/68484.txt13
1 files changed, 13 insertions, 0 deletions
diff --git a/api/next/68484.txt b/api/next/68484.txt
new file mode 100644
index 0000000000..99cef3259c
--- /dev/null
+++ b/api/next/68484.txt
@@ -0,0 +1,13 @@
+pkg crypto/x509, type Certificate struct, InhibitAnyPolicy int #68484
+pkg crypto/x509, type Certificate struct, InhibitAnyPolicyZero bool #68484
+pkg crypto/x509, type Certificate struct, InhibitPolicyMapping int #68484
+pkg crypto/x509, type Certificate struct, InhibitPolicyMappingZero bool #68484
+pkg crypto/x509, type Certificate struct, PolicyMappings []PolicyMapping #68484
+pkg crypto/x509, type Certificate struct, RequireExplicitPolicy int #68484
+pkg crypto/x509, type Certificate struct, RequireExplicitPolicyZero bool #68484
+pkg crypto/x509, type PolicyMapping struct #68484
+pkg crypto/x509, type PolicyMapping struct, IssuerDomainPolicy OID #68484
+pkg crypto/x509, type PolicyMapping struct, SubjectDomainPolicy OID #68484
+pkg crypto/x509, type VerifyOptions struct, CertificatePolicies []OID #68484
+pkg crypto/x509, const NoValidChains = 10 #68484
+pkg crypto/x509, const NoValidChains InvalidReason #68484