crypto/x509: consider parents by Subject if AKID has no match - go - Fork of Go programming language with my patches.

diff options

author	Filippo Valsorda <filippo@golang.org>	2019-02-04 18:08:43 -0500
committer	Filippo Valsorda <filippo@golang.org>	2019-02-07 17:57:03 +0000
commit	95e5b07cf5fdf3352f04f5557df38f22c55ce8e8 (patch)
tree	09ff2af02c2cff46611aaa3de55bd13ec5c7652e /src/database
parent	aa161ad17e65df8f615f25c5dca84e505a8c8315 (diff)
download	go-95e5b07cf5fdf3352f04f5557df38f22c55ce8e8.tar.xz

crypto/x509: consider parents by Subject if AKID has no match

If a certificate somehow has an AKID, it should still chain successfully to a parent without a SKID, even if the latter is invalid according to RFC 5280, because only the Subject is authoritative. This reverts to the behavior before #29233 was fixed in 770130659. Roots with the right subject will still be shadowed by roots with the right SKID and the wrong subject, but that's been the case for a long time, and is left for a more complete fix in Go 1.13. Updates #30079 Change-Id: If8ab0179aca86cb74caa926d1ef93fb5e416b4bb Reviewed-on: https://go-review.googlesource.com/c/161097 Reviewed-by: Adam Langley <agl@golang.org>

Diffstat (limited to 'src/database')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: