-
Adam Langley authored
Since a root certificate is self-signed, it's a valid child of itself. If a root certificate appeared both in the pool of intermediates and roots the verification code could find a chain which included it twice: first as an intermediate and then as a root. (Existing checks prevented the code from looping any more.) This change stops the exact same certificate from appearing twice in a chain. This simplifies the results in the face of the common configuration error of a TLS server returning a root certificate. (This should also stop two different versions of the “same” root appearing in a chain because the self-signature on one will not validate for the other.) Fixes #16800. Change-Id: I004853baa0eea27b44d47b9b34f96113a92ebac8 Reviewed-on: https://go-review.googlesource.com/32121 Run-TryBot: Adam Langley <agl@golang.org> Reviewed-by:
Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
07a31bc3
| Name |
Last commit
|
Last update |
|---|---|---|
| .github | ||
| api | ||
| doc | ||
| lib/time | ||
| misc | ||
| src | ||
| test | ||
| .gitattributes | ||
| .gitignore | ||
| AUTHORS | ||
| CONTRIBUTING.md | ||
| CONTRIBUTORS | ||
| LICENSE | ||
| PATENTS | ||
| README.md | ||
| favicon.ico | ||
| robots.txt |