Alternative TLS implementation in Go
Mikkel Krautz c8b807a37a crypto/x509: new home for root fetchers; build chains using Windows API
This moves the various CA root fetchers from crypto/tls into crypto/x509.

The move was brought about by issue 2997. Windows doesn't ship with all
its root certificates, but will instead download them as-needed when using
CryptoAPI for certificate verification.

This CL changes crypto/x509 to verify a certificate using the system root
CAs when VerifyOptions.RootCAs == nil. On Windows, this verification is
now implemented using Windows's CryptoAPI. All other root fetchers are
unchanged, and still use Go's own verification code.

The CL also fixes the hostname matching logic in crypto/tls/tls.go, in
order to be able to test whether hostname mismatches are honored by the
Windows verification code.

The move to crypto/x509 also allows other packages to use the OS-provided
root certificates, instead of hiding them inside the crypto/tls package.

Fixes #2997.

R=agl, golang-dev, alex.brainman, rsc, mikkel
CC=golang-dev
https://golang.org/cl/5700087
2012-03-07 13:12:35 -05:00
alert.go crypto/tls: add Error method to alert 2011-10-27 19:42:32 -07:00
cipher_suites.go crypto/hmac: Deprecate hmac.NewMD5, hmac.NewSHA1 and hmac.NewSHA256 2012-01-19 17:28:38 -05:00
common.go crypto/x509: new home for root fetchers; build chains using Windows API 2012-03-07 13:12:35 -05:00
conn_test.go crypto/tls: add server side SNI support. 2011-10-08 10:06:53 -04:00
conn.go crypto/...: more fixes for bug 2841 2012-02-13 12:38:45 -05:00
generate_cert.go cmd/go: a raft of fixes 2012-02-14 16:39:20 -05:00
handshake_client_test.go all: update 'gotest' to 'go test' 2012-02-13 13:58:17 -05:00
handshake_client.go crypto/x509: new home for root fetchers; build chains using Windows API 2012-03-07 13:12:35 -05:00
handshake_messages_test.go crypto/tls: fix handshake message test 2011-11-14 15:21:08 -05:00
handshake_messages.go crypto/tls: Improve TLS Client Authentication 2012-01-05 12:05:38 -05:00
handshake_server_test.go all: update 'gotest' to 'go test' 2012-02-13 13:58:17 -05:00
handshake_server.go go/printer, gofmt: improved comma placement 2012-02-22 11:27:45 -08:00
key_agreement.go crypto/elliptic: add constant-time P224. 2012-01-19 08:39:03 -05:00
parse-gnutls-cli-debug-log.py crypto/tls: add 3DES ciphersuites 2011-10-11 13:07:32 -04:00
prf_test.go crypto/tls: support SSLv3 2011-09-14 15:32:19 -04:00
prf.go Add a []byte argument to hash.Hash to allow an allocation to be saved. 2011-12-01 12:35:37 -05:00
root_test.go crypto/x509: new home for root fetchers; build chains using Windows API 2012-03-07 13:12:35 -05:00
tls.go crypto/x509: new home for root fetchers; build chains using Windows API 2012-03-07 13:12:35 -05:00