diff options
| author | Roland Shoemaker <roland@golang.org> | 2024-05-15 13:46:38 -0700 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2024-05-22 22:58:43 +0000 |
| commit | 56ec5d96bce06b70895ce2816fd59a4e0c4db21c (patch) | |
| tree | 9ed18374a20eb84f78b90e9ac3ccd9804bdcc214 /doc/godebug.md | |
| parent | 375031d8dcec9ae74d2dbc437b201107dba3bb5f (diff) | |
| download | go-56ec5d96bce06b70895ce2816fd59a4e0c4db21c.tar.xz | |
crypto/tls: populate Leaf in X509KeyPair
Fixes #67065
Change-Id: I189e194de8aa94523eb64e1dd294a70cb81cbdf6
Reviewed-on: https://go-review.googlesource.com/c/go/+/585856
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Diffstat (limited to 'doc/godebug.md')
| -rw-r--r-- | doc/godebug.md | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/godebug.md b/doc/godebug.md index d5455e337c..bc8b32c00e 100644 --- a/doc/godebug.md +++ b/doc/godebug.md @@ -201,6 +201,13 @@ Go 1.23 changed the default TLS cipher suites used by clients and servers when not explicitly configured, removing 3DES cipher suites. The default can be reverted using the [`tls3des` setting](/pkg/crypto/tls/#Config.CipherSuites). +Go 1.23 changed the behavior of [`tls.X509KeyPair`](/pkg/crypto/tls#X509KeyPair) +and [`tls.LoadX509KeyPair`](/pkg/crypto/tls#LoadX509KeyPair) to populate the +Leaf field of the returned [`tls.Certificate`](/pkg/crypto/tls#Certificate). +This behavior is controlled by the `x509keypairleaf` setting. For Go 1.23, it +defaults to `x509keypairleaf=1`. Previous versions default to +`x509keypairleaf=0`. + ### Go 1.22 Go 1.22 adds a configurable limit to control the maximum acceptable RSA key size |