Rietveld Code Review Tool

Issue 7336046: code review 7336046: crypto/x509: support IP SANs. (Closed)

Created: 11 years, 2 months ago by agl1
Modified: 11 years, 2 months ago
Reviewers:
CC:
golang-dev, mikio, bradfitz
Visibility: Public.

Description

crypto/x509: support IP SANs.

Subject Alternative Names in X.509 certificates may include IP addresses. This change adds support for marshaling, unmarshaling and verifying this form of SAN.

It also causes IP addresses to only be checked against IP SANs, rather than against hostnames as was previously the case. This reflects RFC 6125.

Fixes issue 4658.

Patch Set 1 #

Patch Set 2 : diff -r e7cbe567acdf https://code.google.com/p/go/ #

Patch Set 3 : diff -r e7cbe567acdf https://code.google.com/p/go/ #

Patch Set 4 : diff -r e7cbe567acdf https://code.google.com/p/go/ #

Total comments: 5

Patch Set 5 : diff -r e7cbe567acdf https://code.google.com/p/go/ #

Total comments: 4

Patch Set 6 : diff -r e92503ce815b https://code.google.com/p/go/ #

Stats (+194 lines, -38 lines)
M src/pkg/crypto/tls/generate_cert.go: 1 chunk, +52 lines, -8 lines, 0 comments
M src/pkg/crypto/x509/verify.go: 3 chunks, +36 lines, -5 lines, 0 comments
M src/pkg/crypto/x509/x509.go: 4 chunks, +25 lines, -4 lines, 0 comments
M src/pkg/crypto/x509/x509_test.go: 4 chunks, +61 lines, -2 lines, 0 comments
M src/pkg/go/build/deps_test.go: 1 chunk, +1 line, -1 line, 0 comments
M src/pkg/net/http/httptest/server.go: 1 chunk, +19 lines, -18 lines, 0 comments

Messages

Total messages: 7
agl1
Hello golang-dev@googlegroups.com (cc: golang-dev@googlegroups.com), I'd like you to review this change to https://code.google.com/p/go/
11 years, 2 months ago (2013-02-14 21:58:53 UTC) #1
mikio
just skimming https://codereview.appspot.com/7336046/diff/7001/src/pkg/crypto/x509/x509.go File src/pkg/crypto/x509/x509.go (right): https://codereview.appspot.com/7336046/diff/7001/src/pkg/crypto/x509/x509.go#newcode849 src/pkg/crypto/x509/x509.go:849: case 4, 16: you can use net.IPv4len ...
11 years, 2 months ago (2013-02-14 22:12:02 UTC) #2
bradfitz
LGTM https://codereview.appspot.com/7336046/diff/7001/src/pkg/crypto/x509/verify.go File src/pkg/crypto/x509/verify.go (right): https://codereview.appspot.com/7336046/diff/7001/src/pkg/crypto/x509/verify.go#newcode77 src/pkg/crypto/x509/verify.go:77: valid += ", " this string += is ...
11 years, 2 months ago (2013-02-14 22:14:19 UTC) #3
agl1
https://codereview.appspot.com/7336046/diff/7001/src/pkg/crypto/x509/x509.go File src/pkg/crypto/x509/x509.go (right): https://codereview.appspot.com/7336046/diff/7001/src/pkg/crypto/x509/x509.go#newcode849 src/pkg/crypto/x509/x509.go:849: case 4, 16: On 2013/02/14 22:12:02, mikio wrote: > ...
11 years, 2 months ago (2013-02-14 23:31:54 UTC) #4
bradfitz
LGTM https://codereview.appspot.com/7336046/diff/5006/src/pkg/crypto/tls/generate_cert.go File src/pkg/crypto/tls/generate_cert.go (right): https://codereview.appspot.com/7336046/diff/5006/src/pkg/crypto/tls/generate_cert.go#newcode29 src/pkg/crypto/tls/generate_cert.go:29: host = flag.String("host", "", "Comma separated hostnamesn and ...
11 years, 2 months ago (2013-02-14 23:36:25 UTC) #5
mikio
LGTM
11 years, 2 months ago (2013-02-14 23:43:38 UTC) #6
agl1
11 years, 2 months ago (2013-02-15 15:40:27 UTC) #7
*** Submitted as https://code.google.com/p/go/source/detail?r=e1a94ec9f285 ***

crypto/x509: support IP SANs.

Subject Alternative Names in X.509 certificates may include IP
addresses. This change adds support for marshaling, unmarshaling and
verifying this form of SAN.

It also causes IP addresses to only be checked against IP SANs,
rather than against hostnames as was previously the case. This
reflects RFC 6125.

Fixes issue 4658.

R=golang-dev, mikioh.mikioh, bradfitz
CC=golang-dev
https://codereview.appspot.com/7336046

https://codereview.appspot.com/7336046/diff/5006/src/pkg/crypto/tls/generate_...
File src/pkg/crypto/tls/generate_cert.go (right):

https://codereview.appspot.com/7336046/diff/5006/src/pkg/crypto/tls/generate_...
src/pkg/crypto/tls/generate_cert.go:29: host      = flag.String("host", "",
"Comma separated hostnamesn and IPs to generate a certificate for")
On 2013/02/14 23:36:25, bradfitz wrote:
> Comma-separated (hyphen) and extra typo "n" character in there.

Done.

https://codereview.appspot.com/7336046/diff/5006/src/pkg/crypto/tls/generate_...
src/pkg/crypto/tls/generate_cert.go:30: validFrom = flag.String("start-date",
"", "Creation date formatted as Jan 1 12:13:14 2011")
On 2013/02/14 23:36:25, bradfitz wrote:
> as 15:04:05 (using 15 makes it obvious how to do PM)

Done.
