crypto/x509: enforce Name Constraints on intermediates with SANs #45856

Closed
FiloSottile opened this issue Apr 29, 2021 · 2 comments
Labels: FrozenDueToAge, NeedsFix (The path to resolution is known, but the work has not been done.)

Comments

@FiloSottile
Contributor

We currently only enforce Name Constraints on the leaf SANs, while according to RFC 5280, Section 6.1.3(b), we should also enforce it on intermediates with SANs. No security impact on WebPKI-like cases, but also no expected breakage.

/cc @rolandshoemaker

FiloSottile added the NeedsFix label Apr 29, 2021
FiloSottile added this to the Go1.18 milestone Apr 29, 2021
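
An added example, not code from the Go project or from this issue: a minimal version of the RFC 5280, Section 6.1.3(b) check, applied to every certificate in a path rather than only the leaf. It assumes a root-first chain and handles only permitted DNS subtrees written without a leading dot; excluded subtrees, other name types and the self-issued exception are left out. The function names and the three-certificate chain are constructed for illustration.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"strings"
)

// within: name equals a permitted domain or adds labels to its left (RFC 5280 dNSName rule).
func within(name string, permitted []string) bool {
	for _, p := range permitted {
		if n, p := strings.ToLower(name), strings.ToLower(p); n == p || strings.HasSuffix(n, "."+p) {
			return true
		}
	}
	return false
}

// sanViolations walks a root-first chain and returns "subject: name" for each DNS
// SAN, on intermediates as well as the leaf, outside a subtree set permitted above it.
func sanViolations(chain []*x509.Certificate) []string {
	var bad []string
	var sets [][]string // permitted DNS subtrees from the CAs seen so far
	for _, c := range chain {
		for _, name := range c.DNSNames {
			for _, set := range sets {
				if !within(name, set) {
					bad = append(bad, c.Subject.CommonName+": "+name)
					break
				}
			}
		}
		if len(c.PermittedDNSDomains) > 0 {
			sets = append(sets, c.PermittedDNSDomains)
		}
	}
	return bad
}

// demoChain is constructed sample data; only the fields the check reads are set.
func demoChain() []*x509.Certificate {
	return []*x509.Certificate{
		{Subject: pkix.Name{CommonName: "root"}, PermittedDNSDomains: []string{"example.com"}},
		{Subject: pkix.Name{CommonName: "intermediate"}, DNSNames: []string{"ca.other.test"}},
		{Subject: pkix.Name{CommonName: "leaf"}, DNSNames: []string{"www.example.com"}},
	}
}

func main() { fmt.Println(strings.Join(sanViolations(demoChain()), "\n")) }
```

The leaf in this chain satisfies the root's constraint, so a leaf-only check accepts the path; only the intermediate's SAN is reported.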
@Skarlso
Contributor

Skarlso commented Sep 15, 2021

Hi @FiloSottile

Would you mind if I take this one? :)

I don't have much familiarity with this package; also, I am vaguely aware of RFC 5280... But I'm eager to re-read it.

If you have pointers, please don't hesitate to share; otherwise, I'll go rummage around in the code.

FiloSottile modified the milestones: Go1.18, Backlog Sep 23, 2021
FiloSottile modified the milestones: Backlog, Go1.19 Mar 2, 2022
@gopherbot

Change https://go.dev/cl/389555 mentions this issue: crypto/x509: rework path building
