    crypto/x509: new home for root fetchers; build chains using Windows API · a324a5ac
    Mikkel Krautz authored
    This moves the various CA root fetchers from crypto/tls into crypto/x509.
    
    The move was brought about by issue 2997. Windows doesn't ship with all
    its root certificates, but will instead download them as-needed when using
    CryptoAPI for certificate verification.
    
    This CL changes crypto/x509 to verify a certificate using the system root
    CAs when VerifyOptions.RootCAs == nil. On Windows, this verification is
    now implemented using Windows's CryptoAPI. All other root fetchers are
    unchanged, and still use Go's own verification code.
    
    The CL also fixes the hostname matching logic in crypto/tls/tls.go, in
    order to be able to test whether hostname mismatches are honored by the
    Windows verification code.
    
    The move to crypto/x509 also allows other packages to use the OS-provided
    root certificates, instead of hiding them inside the crypto/tls package.
    
    Fixes #2997.
    
    R=agl, golang-dev, alex.brainman, rsc, mikkel
    CC=golang-dev
    https://golang.org/cl/5700087
Name
aes
cipher
des
dsa
ecdsa
elliptic
hmac
md5
rand
rc4
rsa
sha1
sha256
sha512
subtle
tls
x509
crypto.go