You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The original discussion of the issue (https://groups.google.com/forum/#!topic/golang-dev/_9Pz-0BEmCc) estimated that it may need to remain in the codebase to 2020. However, given that the vendor no longer provides the original "technote", which I would see as a withdrawal of their support for anyone encountering the issue, perhaps golang should consider removing the special dispensation from the x509 cert validity code before this 2020 date.
The text was updated successfully, but these errors were encountered:
odeke-em
changed the title
Entrust broken cert link no longer valid, consider removing the workaround
crypto/x509: Entrust broken cert link no longer valid, please consider removing the workaround
Aug 17, 2017
There's no pressing need to remove this check except that it's always nice to have less code. Given that it's likely to cause some small issues if removed, I think it still carries its weight.
What version of Go are you using (
go version
)?go version go1.8.3 darwin/amd64
What operating system and processor architecture are you using (
go env
)?GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH=""
GORACE=""
GOROOT="/usr/local/Cellar/go/1.8.3/libexec"
GOTOOLDIR="/usr/local/Cellar/go/1.8.3/libexec/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="clang"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/zv/jpk_y5hd6xj029pmkgm0j1ym0000gn/T/go-build313170607=/tmp/go-build -gno-record-gcc-switches -fno-common"
CXX="clang++"
CGO_ENABLED="1"
PKG_CONFIG="pkg-config"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
What did you expect to see?
At https://github.com/golang/go/blob/master/src/crypto/x509/x509.go#L756, go has special dispensation for checking the validity of an "Entrust" certificate due to that vendors mistake in issuing a non-CA certificate as root. The link given (http://www.entrust.net/knowledge-base/technote.cfm?tn=7869) is no longer a valid link, and my search of that vendors website no longer seems to yield information about the issue (it appears to have been removed).
The original discussion of the issue (https://groups.google.com/forum/#!topic/golang-dev/_9Pz-0BEmCc) estimated that it may need to remain in the codebase to 2020. However, given that the vendor no longer provides the original "technote", which I would see as a withdrawal of their support for anyone encountering the issue, perhaps golang should consider removing the special dispensation from the x509 cert validity code before this 2020 date.
The text was updated successfully, but these errors were encountered: