crypto/x509: Verify on macOS does not return typed errors [1.19 backport] #57427

Closed
rolandshoemaker opened this issue Dec 21, 2022 · 4 comments
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge

@rolandshoemaker
Member

@rolandshoemaker requested issue #56891 to be considered for backport to the next 1.19 minor release.

@gopherbot please open backport issues. This issue makes macOS behave differently from every other platform, which otherwise return consistent types for verification errors. This was an inadvertent breaking API change introduced in 1.18, and is likely causing silent issues in code that expects consistent behavior across platforms when verifying certificates. Currently working around this requires adding macOS specific code in order to catch specific verification failures.
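
Added example, not part of the issue thread or the Go project's code: the kind of caller logic the report describes, branching with `errors.As` on the typed errors `Verify` returns. It assumes a constructed self-signed certificate for `example.test` and an explicit `Roots` pool, so it runs through Go's own verifier on every platform rather than the macOS platform verifier; `classify` and `verify` are hypothetical helper names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// classify branches on the typed errors that callers of Verify depend on.
func classify(err error) string {
	var inv x509.CertificateInvalidError
	var ua x509.UnknownAuthorityError
	var hn x509.HostnameError
	switch {
	case err == nil:
		return "ok"
	case errors.As(err, &inv) && inv.Reason == x509.Expired:
		return "expired"
	case errors.As(err, &ua):
		return "unknown-authority"
	case errors.As(err, &hn):
		return "hostname-mismatch"
	}
	return "unclassified" // opaque or unhandled error: no typed branch matched
}

// verify checks a constructed self-signed cert; explicit Roots is this example's assumption.
func verify(notAfter time.Time, trusted bool, host string) string {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example.test"},
		DNSNames: []string{"example.test"}, NotBefore: time.Now().Add(-48 * time.Hour), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool()
	if trusted {
		roots.AddCert(cert)
	}
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return classify(err)
}

func main() { fmt.Println(verify(time.Now().Add(time.Hour), false, "example.test")) }
```

An error that matches none of the typed branches lands in `unclassified`, which is where policy that distinguishes expiry from an untrusted issuer stops working.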

@rolandshoemaker rolandshoemaker added the CherryPickCandidate Used during the release process for point releases label Dec 21, 2022
@rolandshoemaker rolandshoemaker added this to the Go1.19.5 milestone Dec 21, 2022
@heschi heschi added the CherryPickApproved Used during the release process for point releases label Jan 4, 2023
@gopherbot gopherbot removed the CherryPickCandidate Used during the release process for point releases label Jan 4, 2023
@heschi
Contributor

heschi commented Jan 4, 2023

Ping: this issue is at risk of missing the next minor release.

@heschi
Contributor

heschi commented Jan 5, 2023

cc @golang/security

@gopherbot

Change https://go.dev/cl/460895 mentions this issue: [release-branch.go1.19] crypto/x509: return typed verification errors on macOS

@gopherbot

Closed by merging c8104a1 to release-branch.go1.19.

gopherbot pushed a commit that referenced this issue Jan 6, 2023
… on macOS

On macOS return the error code from SecTrustEvaluateWithError, and use
it to create typed errors that can be returned from Verify.

Updates #56891
Fixes #57427

Change-Id: Ib597ce202abb60702f730e75da583894422e4c14
Reviewed-on: https://go-review.googlesource.com/c/go/+/452620
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
(cherry picked from commit c9a10d4)
Reviewed-on: https://go-review.googlesource.com/c/go/+/460895
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Auto-Submit: Heschi Kreinick <heschi@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
@golang golang locked and limited conversation to collaborators Jan 6, 2024