crypto/x509: decouple key usage and policy validation - go - Fork of Go programming language with my patches.

diff options

author	Roland Shoemaker <roland@golang.org>	2025-05-06 09:27:10 -0700
committer	Roland Shoemaker <roland@golang.org>	2025-05-13 12:09:49 -0700
commit	9bba799955e68972041c4f340ee4ea2d267e5c0e (patch)
tree	383010f5b1a370f5922d96351875b64f980cd65a /src/testing/testing.go
parent	76f63ee890170f4884f4d213e8150d39d6758ad3 (diff)
download	go-9bba799955e68972041c4f340ee4ea2d267e5c0e.tar.xz

crypto/x509: decouple key usage and policy validation

Disabling key usage validation (by passing ExtKeyUsageAny) unintentionally disabled policy validation. This change decouples these two checks, preventing the user from unintentionally disabling policy validation. Thanks to Krzysztof Skrzętnicki (@Tener) of Teleport for reporting this issue. Fixes #73612 Fixes CVE-2025-22874 Change-Id: Iec8f080a8879a3dd44cb3da30352fa3e7f539d40 Reviewed-on: https://go-review.googlesource.com/c/go/+/670375 Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Ian Stapleton Cordasco <graffatcolmingov@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

Diffstat (limited to 'src/testing/testing.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: