-
Adam Langley authored
Go 1.10 requires that SANs in certificates are valid. However, a non-trivial number of (generally non-WebPKI) certificates have invalid strings in dnsName fields and some have even put those dnsName SANs in CA certificates. This change defers validity checking until name constraints are checked. Fixes #23995, #23711. Change-Id: I2e0ebb0898c047874a3547226b71e3029333b7f1 Reviewed-on: https://go-review.googlesource.com/96378 Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
4b1d704d