Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(952)

Issue 6346064: code review 6346064: crypto/x509: exempt broken Entrust certificate from checks. (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
11 years, 9 months ago by agl1
Modified:
11 years, 8 months ago
Reviewers:
CC:
golang-dev, dfc, r
Visibility:
Public.

Description

crypto/x509: exempt broken Entrust certificate from checks. Entrust have issued a root certificate that's not marked as valid for signing certificates. This results in Go programs failing to validate certificates that chain up to this root (i.e. gateway.push.apple.com:2195). Although this is clearly a mistake on Entrust's part, it seems that we will have to bodge around it.

Patch Set 1 #

Patch Set 2 : diff -r b7a1cd9f1a6c https://code.google.com/p/go/ #

Patch Set 3 : diff -r b7a1cd9f1a6c https://code.google.com/p/go/ #

Patch Set 4 : diff -r b7a1cd9f1a6c https://code.google.com/p/go/ #

Patch Set 5 : diff -r b7a1cd9f1a6c https://code.google.com/p/go/ #

Patch Set 6 : diff -r b7a1cd9f1a6c https://code.google.com/p/go/ #

Patch Set 7 : diff -r b7a1cd9f1a6c https://code.google.com/p/go/ #

Patch Set 8 : diff -r 695f65745351 https://code.google.com/p/go/ #

Unified diffs Side-by-side diffs Delta from patch set Stats (+53 lines, -2 lines) Patch
M src/pkg/crypto/x509/x509.go View 1 2 3 4 5 2 chunks +53 lines, -2 lines 0 comments Download

Messages

Total messages: 4
agl1
Hello golang-dev@googlegroups.com (cc: golang-dev@googlegroups.com), I'd like you to review this change to https://code.google.com/p/go/
11 years, 9 months ago (2012-07-03 15:33:11 UTC) #1
dfc
This is just my personal opinion, but I don't think we should make an exception ...
11 years, 8 months ago (2012-07-06 10:58:28 UTC) #2
r
LGTM
11 years, 8 months ago (2012-07-09 22:14:00 UTC) #3
agl1
11 years, 8 months ago (2012-07-10 19:58:20 UTC) #4
*** Submitted as http://code.google.com/p/go/source/detail?r=8241ffc8686e ***

crypto/x509: exempt broken Entrust certificate from checks.

Entrust have issued a root certificate that's not marked as valid for
signing certificates.

This results in Go programs failing to validate certificates that
chain up to this root (i.e. gateway.push.apple.com:2195).

Although this is clearly a mistake on Entrust's part, it seems that we
will have to bodge around it.

R=golang-dev, dave, r
CC=golang-dev
http://codereview.appspot.com/6346064
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b