Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: handshake_client.go compares RawIssuer to leaf #5390

Closed
lukescott opened this issue May 2, 2013 · 3 comments
Closed

crypto/tls: handshake_client.go compares RawIssuer to leaf #5390

lukescott opened this issue May 2, 2013 · 3 comments
Labels
FrozenDueToAge
Milestone
Go1.2

Comments

@lukescott
Copy link 

Line 207 compares RawIssuer to the Leaf:

http://golang.org/src/pkg/crypto/tls/handshake_client.go#L207

When you have an Intermediate CA this fails. The RawIssuer should be compared to the
"Head" certificate, not the "Leaf". Line 207 should be:

if leaf, err = x509.ParseCertificate(cert.Certificate[len(cert.Certificate)-1]); err !=
nil {

Assuming the chain looks like this:

Root CA -> Intermediate CA -> Client Cert

The server has the "Root CA" in tls.Config.ClientCAs. The client has
"Client Cert | Intermediate CA" concated in the same file, loaded with
tls.LoadX509KeyPair (which ensures index 0, "Client Cert", matches the private
key, as it should).
@lukescott
Copy link
Author

Comment 1:

It looks like this issue would be fixed with https://golang.org/cl/9795043/.

@rsc
Copy link
Contributor

rsc commented Jul 30, 2013

Comment 2:

Labels changed: added priority-later, go1.2, removed priority-triage.

Status changed to Accepted.

@agl
Copy link
Contributor

agl commented Jul 30, 2013

Comment 3:

Sorry for not seeing this sooner. I believe that the report is correct and that it was
fixed by 64a3ac450b0d, as noted in #1.

Owner changed to @agl.

Status changed to Fixed.

@rsc rsc added this to the Go1.2 milestone Apr 14, 2015
@rsc rsc removed the go1.2 label Apr 14, 2015
@golang golang locked and limited conversation to collaborators Jun 24, 2016
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Go1.2
Development

No branches or pull requests
4 participants
@agl @rsc @lukescott @gopherbot