crypto/x509: TestSystemVerify/EKULeafValid fails on LUCI [1.20 backport] #60947
Labels
CherryPickApproved
Used during the release process for point releases
Testing
An issue that has been verified to require only test changes, not just a test failure.
Milestone
Comments
gopherbot
added
the
CherryPickCandidate
|
Change https://go.dev/cl/505275 mentions this issue: |
dmitshur
added
Testing
|
Closed by merging bca8175 to release-branch.go1.20. |
gopherbot
pushed a commit
that referenced
this issue
Jun 22, 2023
…s in testVerify Due to the semantics of roots, a root store may contain two valid roots that have the same subject (but different SPKIs) at the asme time. As such in testVerify it is possible that when we verify a certificate we may get two chains that has the same stringified representation. Rather than doing something fancy to include keys (which is just overly complicated), tolerate multiple matches. Updates #60925 Fixes #60947 Change-Id: I5f51f7635801762865a536bcb20ec75f217a36ea Reviewed-on: https://go-review.googlesource.com/c/go/+/505035 Reviewed-by: Heschi Kreinick <heschi@google.com> Run-TryBot: Roland Shoemaker <roland@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit 2031366) Reviewed-on: https://go-review.googlesource.com/c/go/+/505275 Run-TryBot: Heschi Kreinick <heschi@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Heschi Kreinick <heschi@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@heschi requested issue #60925 to be considered for backport to the next 1.20 minor release.
The text was updated successfully, but these errors were encountered: