-
Adam Langley authored
Previously we enforced both that the extended key usages of a client certificate chain allowed for client authentication, and that the client-auth EKU was in the leaf certificate. This change removes the latter requirement. It's still the case that the chain must be compatible with the client-auth EKU (i.e. that a parent certificate isn't limited to another usage, like S/MIME), but we'll now accept a leaf certificate with no EKUs for client-auth. While it would be nice if all client certificates were explicit in their intended purpose, I no longer feel that this battle is worthwhile. Fixes #11087. Change-Id: I777e695101cbeba069b730163533e2977f4dc1fc Reviewed-on: https://go-review.googlesource.com/10806Reviewed-by:
Andrew Gerrand <adg@golang.org> Run-TryBot: Adam Langley <agl@golang.org>
c72b8aa3
| Name |
Last commit
|
Last update |
|---|---|---|
| api | ||
| doc | ||
| lib/time | ||
| misc | ||
| src | ||
| test | ||
| .gitattributes | ||
| .gitignore | ||
| AUTHORS | ||
| CONTRIBUTING.md | ||
| CONTRIBUTORS | ||
| LICENSE | ||
| PATENTS | ||
| README.md | ||
| favicon.ico | ||
| robots.txt |