Fixes issue 9078.
LGTM=adg
R=golang-codereviews, adg
CC=golang-codereviews
https://codereview.appspot.com/172920043
LGTM=rsc, r
R=r, rsc
CC=golang-codereview, golang-codereviews
https://codereview.appspot.com/168050043
A new attack on CBC padding in SSLv3 was released yesterday[1]. Go only
supports SSLv3 as a server, not as a client. An easy fix is to change
the default minimum version to TLS 1.0 but that seems a little much
this late in the 1.4 process as it may break some things.

Thus this patch adds server support for TLS_FALLBACK_SCSV[2] -- a
mechanism for solving the fallback problem overall. Chrome has
implemented this since February and Google has urged others to do so in
light of yesterday's news.

With this change, clients can indicate that they are doing a fallback
connection and Go servers will be able to correctly reject them.

[1] http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
[2] https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

LGTM=rsc
R=rsc
CC=golang-codereviews
https://codereview.appspot.com/157090043
Fixes issue 8936.
LGTM=bradfitz
R=agl, bradfitz
CC=golang-codereviews
https://codereview.appspot.com/152590043
In [1] the behaviour of encoding/asn1 with respect to marshaling
optional integers was changed. Previously, a zero valued integer would
be omitted when marshaling. After the change, if a default value was
set then the integer would only be omitted if it was the default value.

This changed the behaviour of crypto/x509 because
Certificate.MaxPathLen has a default value of -1 and thus zero valued
MaxPathLens would no longer be omitted when marshaling. This is
arguably a bug-fix -- a value of zero for MaxPathLen is valid and
meaningful and now could be expressed. However it broke users
(including Docker) who were not setting MaxPathLen at all.

This change again causes a zero-valued MaxPathLen to be omitted and
introduces a ZeroMathPathLen member that indicates that, yes, one
really does want a zero. This is ugly, but we value not breaking users.

[1] https://code.google.com/p/go/source/detail?r=4218b3544610e8d9771b89126553177e32687adf

LGTM=rsc
R=rsc
CC=golang-codereviews, golang-dev
https://codereview.appspot.com/153420045
Fixes issue 8349.
LGTM=rsc
R=rsc
CC=golang-codereviews
https://codereview.appspot.com/147320043
The ASN.1 encoding of the CRL Distribution Points extension showed an invalid false 'IsCompound' which caused a display problem in the Windows certificate viewer.
LGTM=agl
R=agl
CC=golang-codereviews
https://codereview.appspot.com/143320043
Committer: Adam Langley <agl@golang.org>
On android, root certificates appear to be stored in the folder
/system/etc/security/cacerts, which has many certs in several
different files. This change adds a new array of directories in
which certs can be found.

To test this, I simply tried making a request with the http
library to an HTTPS URL on an android emulator and manually
verified that it worked.

LGTM=crawshaw
R=golang-codereviews, gobot, crawshaw
CC=golang-codereviews
https://codereview.appspot.com/151800043
Committer: David Crawshaw <david.crawshaw@zentus.com>
RFC5280 says that the nextUpdate field is optional.
Fixes issue 8085.
R=bradfitz
CC=golang-codereviews
https://codereview.appspot.com/149770044
LGTM=r
R=r, adg, rsc
https://codereview.appspot.com/148080043
Committer: Andrew Gerrand <adg@golang.org>
Preparation was in CL 134570043.
This CL contains only the effect of 'hg mv src/pkg/* src'.
For more about the move, see golang.org/s/go14nopkg.