You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
during path building, equality is determined by checking if the
subjects and public keys match, rather than checking if the entire
certificates are equal
enforces EKU suitability during path building
enforces name constraints on intermediates and roots which have
SANs during path building
The chain cache is removed as it was causing duplicate chains to be
returned, in some cases shadowing better, shorter chains if a longer
chain was found first.
Checking equality using the subjects and public keys, rather than the
entire certificates, allows the path builder to ignore chains which
contain cross-signature loops.
EKU checking is done during path building, as the previous behavior
of only checking EKUs once the path had been built caused the path
builder to incorrectly ignore valid paths when it encountered a path
which would later be ruled invalid because of unacceptable EKU usage.
Name constraints are applied uniformly across all certificates, not
just leaves, in order to be more consistent.
The text was updated successfully, but these errors were encountered:
golang/go@65153e4
This change does four things:
subjects and public keys match, rather than checking if the entire
certificates are equal
SANs during path building
The chain cache is removed as it was causing duplicate chains to be
returned, in some cases shadowing better, shorter chains if a longer
chain was found first.
Checking equality using the subjects and public keys, rather than the
entire certificates, allows the path builder to ignore chains which
contain cross-signature loops.
EKU checking is done during path building, as the previous behavior
of only checking EKUs once the path had been built caused the path
builder to incorrectly ignore valid paths when it encountered a path
which would later be ruled invalid because of unacceptable EKU usage.
Name constraints are applied uniformly across all certificates, not
just leaves, in order to be more consistent.
The text was updated successfully, but these errors were encountered: