kris/th5 - th5 - GIT server of AmongBytes

kris/th5

Fork 0

Commit Graph

Author	SHA1	Message	Date
Robert Hencke	46f6bfea8f	crypto/tls, fmt: print fixes R=golang-dev, bradfitz, minux.ma, rsc, bradfitz CC=golang-dev https://golang.org/cl/5787069	2012-03-12 12:04:45 +09:00
Mikkel Krautz	c8b807a37a	crypto/x509: new home for root fetchers; build chains using Windows API This moves the various CA root fetchers from crypto/tls into crypto/x509. The move was brought about by issue 2997. Windows doesn't ship with all its root certificates, but will instead download them as-needed when using CryptoAPI for certificate verification. This CL changes crypto/x509 to verify a certificate using the system root CAs when VerifyOptions.RootCAs == nil. On Windows, this verification is now implemented using Windows's CryptoAPI. All other root fetchers are unchanged, and still use Go's own verification code. The CL also fixes the hostname matching logic in crypto/tls/tls.go, in order to be able to test whether hostname mismatches are honored by the Windows verification code. The move to crypto/x509 also allows other packages to use the OS-provided root certificates, instead of hiding them inside the crypto/tls package. Fixes #2997. R=agl, golang-dev, alex.brainman, rsc, mikkel CC=golang-dev https://golang.org/cl/5700087	2012-03-07 13:12:35 -05:00
Mikkel Krautz	7697013b51	crypto/tls: fetch root certificates using Mac OS API Fixes #1009. R=adg, rsc CC=golang-dev https://golang.org/cl/5262041	2011-10-13 13:59:13 -04:00

Author

SHA1

Message

Date

Robert Hencke

46f6bfea8f

crypto/tls, fmt: print fixes

R=golang-dev, bradfitz, minux.ma, rsc, bradfitz
CC=golang-dev
https://golang.org/cl/5787069

2012-03-12 12:04:45 +09:00

Mikkel Krautz

c8b807a37a

crypto/x509: new home for root fetchers; build chains using Windows API

This moves the various CA root fetchers from crypto/tls into crypto/x509.

The move was brought about by issue 2997. Windows doesn't ship with all
its root certificates, but will instead download them as-needed when using
CryptoAPI for certificate verification.

This CL changes crypto/x509 to verify a certificate using the system root
CAs when VerifyOptions.RootCAs == nil. On Windows, this verification is
now implemented using Windows's CryptoAPI. All other root fetchers are
unchanged, and still use Go's own verification code.

The CL also fixes the hostname matching logic in crypto/tls/tls.go, in
order to be able to test whether hostname mismatches are honored by the
Windows verification code.

The move to crypto/x509 also allows other packages to use the OS-provided
root certificates, instead of hiding them inside the crypto/tls package.

Fixes #2997.

R=agl, golang-dev, alex.brainman, rsc, mikkel
CC=golang-dev
https://golang.org/cl/5700087

2012-03-07 13:12:35 -05:00

Mikkel Krautz

7697013b51

crypto/tls: fetch root certificates using Mac OS API

Fixes #1009.

R=adg, rsc
CC=golang-dev
https://golang.org/cl/5262041

2011-10-13 13:59:13 -04:00

3 Commits