This change moves a number of common PKIX structures into
crypto/x509/pkix, from where x509, and ocsp can reference
them, saving duplication. It also removes x509/crl and merges it into
x509 and x509/pkix.
x509 is changed to take advantage of the big.Int support that now
exists in asn1. Because of this, the public/private key pair in
http/httptest/server.go had to be updated because it was serialised
with an old version of the code that didn't zero pad ASN.1 INTEGERs.
R=bradfitz, rsc
CC=golang-dev
https://golang.org/cl/4532115
Drop laddr argument from Dial.
Drop cname return from LookupHost.
Add LookupIP, LookupCNAME, ParseCIDR, IP.Equal.
Export SplitHostPort, JoinHostPort.
Add AAAA (IPv6) support to host lookups.
Preparations for implementing some of the
lookups using cgo.
ParseCIDR and IP.Equal are logically new in this CL
but accidentally snuck into an earlier CL about unused
labels that was in the same client.
In crypto/tls, drop laddr from Dial to match net.
R=golang-dev, dsymonds, adg, rh
CC=golang-dev
https://golang.org/cl/4244055
Many recently issued certificates are chained: there's one or more
intermediate certificates between the host certificate and the root CA
certificate. This change causes the code to load any number of
certificates from the certificate file. This matches the behaviour of
common webservers, and the output of OpenSSL's command line tools.
R=golang-dev, r2
CC=golang-dev
https://golang.org/cl/4119057
Previously we checked the certificate chain from the leaf
upwards and expected to jump from the last cert in the chain to
a root certificate.
Although technically correct, there are a number of sites with
problems including out-of-order certs, superfluous certs and
missing certs.
The last of these requires AIA chasing, which is a lot of
complexity. However, we can address the more common cases by
using a pool building algorithm, as browsers do.
We build a pool of root certificates and a pool from the
server's chain. We then try to build a path to a root
certificate, using either of these pools.
This differs from the behaviour of, say, Firefox in that Firefox
will accumulate intermedite certificate in a persistent pool in
the hope that it can use them to fill in gaps in future chains.
We don't do that because it leads to confusing errors which only
occur based on the order to sites visited.
This change also enabled SNI for tls.Dial so that sites will return
the correct certificate chain.
R=rsc
CC=golang-dev
https://golang.org/cl/2916041
asn1: add support for T61String because this is the string type which
several www.google.com certificates are now using for fields like
CommonName
tls: force a handshake in Dial so that certificates are ready
afterwards.
Fixes#1114.
R=rsc
CC=golang-dev
https://golang.org/cl/2216043
Listener contains private members and 6g now enforces that private
members cannot be assigned outside of their package.
R=rsc
CC=golang-dev
https://golang.org/cl/183073
parsing and printing to new syntax.
Use -oldparser to parse the old syntax,
use -oldprinter to print the old syntax.
2) Change default gofmt formatting settings
to use tabs for indentation only and to use
spaces for alignment. This will make the code
alignment insensitive to an editor's tabwidth.
Use -spaces=false to use tabs for alignment.
3) Manually changed src/exp/parser/parser_test.go
so that it doesn't try to parse the parser's
source files using the old syntax (they have
new syntax now).
4) gofmt -w src misc test/bench
1st set of files.
R=rsc
CC=agl, golang-dev, iant, ken2, r
https://golang.org/cl/180047
- enabled for function declarations (not just function literals)
- applied gofmt -w $GOROOT/src
(look for instance at src/pkg/debug/elf/elf.go)
R=r, rsc
CC=go-dev
http://go/go-review/1026006
