    crypto/x509: CertificateRequest signature verification · 54bb4b9f
    Paul van Brouwershaven authored
    This implements a method for x509.CertificateRequest to prevent
    certain attacks and to allow a CA/RA to properly check the validity
    of the binding between an end entity and a key pair, to prove that
    it has possession of (i.e., is able to use) the private key
    corresponding to the public key for which a certificate is requested.
    
    RFC 2986 section 3 states:
    
    "A certification authority fulfills the request by authenticating the
    requesting entity and verifying the entity's signature, and, if the
    request is valid, constructing an X.509 certificate from the
    distinguished name and public key, the issuer name, and the
    certification authority's choice of serial number, validity period,
    and signature algorithm."
    
    Change-Id: I37795c3b1dfdfdd455d870e499b63885eb9bda4f
    Reviewed-on: https://go-review.googlesource.com/7371
    Reviewed-by: Adam Langley <agl@golang.org>
x509.go 58.6 KB
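
How a CA/RA-side caller can use the check this commit describes, as an added example that is not part of the commit or the Go source. It assumes the method is the one Go's standard library exposes as `(*x509.CertificateRequest).CheckSignature`, a name this page does not show; the helper names, sample subject names and the key-swap negative case are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// newCSR returns a DER-encoded PKCS #10 request signed by a fresh P-256 key.
func newCSR(cn string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// checkPoP verifies the request's signature against the public key it carries.
func checkPoP(der []byte) error {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return fmt.Errorf("parse: %w", err)
	}
	return csr.CheckSignature()
}

// swapPublicKey (test fixture) copies der but names the public key from other.
func swapPublicKey(der, other []byte) ([]byte, error) {
	a, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, err
	}
	b, err := x509.ParseCertificateRequest(other)
	if err != nil {
		return nil, err
	}
	return bytes.Replace(der, a.RawSubjectPublicKeyInfo, b.RawSubjectPublicKeyInfo, 1), nil
}

func main() {
	own, _ := newCSR("device-01.example.test") // constructed sample names
	foreign, _ := newCSR("device-02.example.test")
	mismatched, _ := swapPublicKey(own, foreign)
	fmt.Printf("untouched: %v\nkey swapped: %v\n", checkPoP(own), checkPoP(mismatched))
}
```

Parsing alone succeeds for both requests; only the signature check separates a request signed by the holder of the named key from one that merely names it.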