crypto/x509: fix behaviour of KeyUsageAny.

(Reporter wasn't able to provide a certificate chain that uses this feature for testing.) Fixes #6831 R=golang-dev, bradfitz, r CC=golang-dev https://golang.org/cl/40340043

crypto/x509: fix behaviour of KeyUsageAny.
(Reporter wasn't able to provide a certificate chain that uses this feature for testing.) Fixes #6831 R=golang-dev, bradfitz, r CC=golang-dev https://golang.org/cl/40340043
ddbad5ef · Adam Langley · de8549df · ddbad5ef
Commit ddbad5ef authored Dec 10, 2013 by Adam Langley
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

verify.go src/pkg/crypto/x509/verify.go +2 -1

No files found.
--- a/src/pkg/crypto/x509/verify.go
+++ b/src/pkg/crypto/x509/verify.go
@@ -425,6 +425,7 @@ func checkChainForKeyUsage(chain []*Certificate, keyUsages []ExtKeyUsage) bool {
 	// by each certificate. If we cross out all the usages, then the chain
 	// is unacceptable.

+NextCert:
 	for i := len(chain) - 1; i >= 0; i-- {
 		cert := chain[i]
 		if len(cert.ExtKeyUsage) == 0 && len(cert.UnknownExtKeyUsage) == 0 {
@@ -435,7 +436,7 @@ func checkChainForKeyUsage(chain []*Certificate, keyUsages []ExtKeyUsage) bool {
 		for _, usage := range cert.ExtKeyUsage {
 			if usage == ExtKeyUsageAny {
 				// The certificate is explicitly good for any usage.
-				continue
+				continue NextCert
 			}
 		}