
Issue 9795043: code review 9795043: crypto/tls: Check all certificates in the path. (Closed)

Created: 10 years, 11 months ago by jvshahid
Modified: 10 years, 11 months ago
Reviewers: agl1
CC: agl, agl1, gobot, golang-dev
Visibility: Public.

Description

crypto/tls: Check all certificates in the path.

Currently we only check the leaf node's issuer against the list of distinguished names in the server's CertificateRequest message. This will fail if the client certificate has more than one certificate in the path and the leaf node issuer isn't in the list of distinguished names, but the issuer's issuer was in the distinguished names.
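The selection rule the description argues for, as an added example that is not the code from this change: `pickChain`, `dn`, `demo` and the CA names are hypothetical, and the certificates are constructed with only `RawIssuer` populated. It also assumes that an empty CA list places no restriction on the issuer.

```go
package main

import (
	"bytes"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// dn DER-encodes a name, the form RawIssuer and the CertificateRequest CA list both use.
func dn(cn string) []byte {
	b, err := asn1.Marshal(pkix.Name{CommonName: cn}.ToRDNSequence())
	if err != nil {
		panic(err)
	}
	return b
}

// pickChain returns the index of the first configured chain in which any
// certificate was issued by a name in acceptableCAs, or -1 if none qualifies.
func pickChain(chains [][]*x509.Certificate, acceptableCAs [][]byte) int {
	for i, chain := range chains {
		if len(acceptableCAs) == 0 && len(chain) > 0 {
			return i // assumption: empty list means no issuer restriction
		}
		for _, cert := range chain {
			for _, ca := range acceptableCAs {
				if bytes.Equal(cert.RawIssuer, ca) {
					return i
				}
			}
		}
	}
	return -1
}

// demo uses constructed chains: the server lists only "Root CA", and the second
// chain is leaf -> "Intermediate CA" -> "Root CA". Passing leaves alone is the old check.
func demo() (leafOnly, wholePath, unrestricted int) {
	chains := [][]*x509.Certificate{
		{{RawIssuer: dn("Other CA")}},
		{{RawIssuer: dn("Intermediate CA")}, {RawIssuer: dn("Root CA")}},
	}
	leaves := [][]*x509.Certificate{chains[0][:1], chains[1][:1]}
	cas := [][]byte{dn("Root CA")}
	return pickChain(leaves, cas), pickChain(chains, cas), pickChain(chains, nil)
}

func main() { fmt.Println(demo()) }
```

With only leaf issuers examined no chain is selected, while walking the whole path selects the second chain through its intermediate.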

Patch Set 1

Patch Set 2 : diff -r ca166884c853 https://code.google.com/p/go/

Patch Set 3 : diff -r ca166884c853 https://code.google.com/p/go/

Patch Set 4 : diff -r ca166884c853 https://code.google.com/p/go/

Patch Set 5 : diff -r ca166884c853 https://code.google.com/p/go/

Total comments: 4

Patch Set 6 : diff -r 673dec3ec845 https://code.google.com/p/go/

Stats: +941 lines, -24 lines
M src/pkg/crypto/tls/handshake_client.go (4 chunks, +29 lines, -24 lines, 0 comments)
M src/pkg/crypto/tls/handshake_client_test.go (2 chunks, +912 lines, -0 lines, 0 comments)

Messages

Total messages: 6
jvshahid
Hello golang-dev@googlegroups.com, I'd like you to review this change to https://code.google.com/p/go/
10 years, 11 months ago (2013-05-26 23:45:45 UTC) #1
gobot
R=agl (assigned by dsymonds)
10 years, 11 months ago (2013-05-27 00:54:54 UTC) #2
agl1
LGTM with nits. https://codereview.appspot.com/9795043/diff/13001/src/pkg/crypto/tls/handshake_client.go File src/pkg/crypto/tls/handshake_client.go (right): https://codereview.appspot.com/9795043/diff/13001/src/pkg/crypto/tls/handshake_client.go#newcode200 src/pkg/crypto/tls/handshake_client.go:200: for i, cert := range c.config.Certificates ...
10 years, 11 months ago (2013-05-29 14:39:21 UTC) #3
jvshahid
Hello agl@chromium.org, agl@golang.org (cc: gobot@golang.org, golang-dev@googlegroups.com), Please take another look.
10 years, 11 months ago (2013-05-29 15:13:30 UTC) #4
jvshahid
On 2013/05/29 15:13:30, jvshahid wrote: > Hello mailto:agl@chromium.org, mailto:agl@golang.org (cc: mailto:gobot@golang.org, > mailto:golang-dev@googlegroups.com), > > ...
10 years, 11 months ago (2013-05-29 15:16:08 UTC) #5
agl1
10 years, 11 months ago (2013-05-29 15:21:44 UTC) #6
*** Submitted as https://code.google.com/p/go/source/detail?r=64a3ac450b0d ***

crypto/tls: Check all certificates in the path.

Currently we only check the leaf node's issuer against the list of
distinguished names in the server's CertificateRequest message. This
will fail if the client certificate has more than one certificate in
the path and the leaf node issuer isn't in the list of distinguished
names, but the issuer's issuer was in the distinguished names.

R=agl, agl
CC=gobot, golang-dev
https://codereview.appspot.com/9795043

Committer: Adam Langley <agl@golang.org>