x/crypto/ssh: clarify CertChecker.CheckCert usage #58840
Comments
rolandshoemaker
added
the
NeedsFix
|
Change https://go.dev/cl/570955 mentions this issue: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CertChecker.CheckCerthas a slightly confusing API, as it appears on the surface as the primary method on the type, but it doesn't actually authenticate the certificate at all, rather it validates the contents and should generally be called afterCertChecker.Authenticate. In particular the doc comment refers to checking "the signature of the certificate" is perhaps somewhat misleading, since this simply checks that the self-signature on the certificate is valid (both signature and key are attacker controlled, so don't actually impart any trust).At the minimum we should update the doc comment to be clearer about what it actually does, and that it succeeding does not infer any trust.
cc @FiloSottile
The text was updated successfully, but these errors were encountered: