    crypto/x509, crypto/tls: improve root matching and observe CA flag. · 8e5f673d
    Adam Langley authored
    The key/value format of X.500 names means that it's possible to encode
    a name with multiple values for, say, organisation. RFC5280
    doesn't seem to consider this, but there are Verisign root
    certificates which do this and, in order to find the correct
    root certificate in some cases, we need to handle it.
    
    Also, CA certificates should set the CA flag and we now check
    this. After looking at the other X.509 extensions it appears
    that they are universally ignored/bit rotted away so we ignore
    them.
    
    R=rsc
    CC=golang-dev
    https://golang.org/cl/2249042
ca_set.go 1.84 KB
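An added example, not the contents of ca_set.go and not code from this commit: written against the current crypto/x509 API, it matches an issuer by comparing raw name bytes, so a root whose name carries two organisation values still matches, and it skips any candidate without the CA flag. The helpers `mustCert` and `findIssuer` and all certificate names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mustCert builds a constructed test certificate; a nil parent means self-signed.
func mustCert(orgs []string, isCA bool, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{Organization: orgs}, IsCA: isCA,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, pk)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c, key
}

// findIssuer returns the root whose name bytes, CA flag and key all fit child.
func findIssuer(child *x509.Certificate, roots ...*x509.Certificate) (*x509.Certificate, error) {
	for _, r := range roots {
		if bytes.Equal(r.RawSubject, child.RawIssuer) && r.BasicConstraintsValid && r.IsCA &&
			r.CheckSignature(child.SignatureAlgorithm, child.RawTBSCertificate, child.Signature) == nil {
			return r, nil
		}
	}
	return nil, fmt.Errorf("no CA-flagged root matches issuer name and signature")
}

func main() {
	root, key := mustCert([]string{"Example Org", "Example Org Unit"}, true, nil, nil)
	leaf, _ := mustCert([]string{"Example Leaf"}, false, root, key)
	issuer, err := findIssuer(leaf, root)
	fmt.Println(len(root.Subject.Organization), issuer == root, err)
}
```

Comparing the raw encoded name avoids flattening a multi-valued name into a single string key, which is where a lookup can miss the correct root.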