crypto/x509: remove IsCA exception for broken Entrust root - go - Fork of Go programming language with my patches.

diff options

author	Filippo Valsorda <filippo@golang.org>	2019-09-03 14:01:57 -0400
committer	Filippo Valsorda <filippo@golang.org>	2019-09-03 21:10:31 +0000
commit	14521198679e2c600fd9b5a2da51ff2685f314c1 (patch)
tree	5ee313e7f4f92ac24902c1348d3ac081c0f9d251 /src/errors/errors.go
parent	36f30ba289e31df033d100b2adb4eaf557f05a34 (diff)
download	go-14521198679e2c600fd9b5a2da51ff2685f314c1.tar.xz

crypto/x509: remove IsCA exception for broken Entrust root

The exception allowed a specific intermediate [1] to chain up to a broken root that lacked the CA:TRUE X509v3 Basic Constraint. The broken root [2] is expiring at the end of 2019, so we can remove the exception in Go 1.14. Moreover, there is a reissued version of that root [3] (same Subject and SPKI, valid CA) which expires in 2029, so root stores should have migrated to it already, making the exception unnecessary. [1]: https://crt.sh/?caid=57 [2]: https://crt.sh/?id=1616049 [3]: https://crt.sh/?id=55 Change-Id: I43f51100982791b0e8bac90d143b60851cd46dfc Reviewed-on: https://go-review.googlesource.com/c/go/+/193038 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

Diffstat (limited to 'src/errors/errors.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: