diff --git a/doc/go1.19.html b/doc/go1.19.html index 512db3981f8e3..db2b1e1ab89d1 100644 --- a/doc/go1.19.html +++ b/doc/go1.19.html @@ -262,16 +262,14 @@
- TODO: https://go.dev/cl/370894: batch and buffer calls to getrandom/getentropy +
+ Read
no longer buffers
+ random data obtained from the operating system between calls.
- TODO: https://go.dev/cl/375215: use fast key erasure RNG on plan9 instead of ANSI X9.31 -
- -
- TODO: https://go.dev/cl/390038: remove all buffering
+ On Plan 9, Read
has been reimplemented, replacing the ANSI
+ X9.31 algorithm with fast key erasure.
The tls10default
GODEBUG
option has been
removed. It is still possible to enable TLS 1.0 client-side by setting
- Config.MinVersion
.
+ Config.MinVersion
.
+
+ The TLS server and client now reject duplicate extensions in TLS + handshakes, as required by RFC 5246, Section 7.4.1.4 and RFC 8446, Section + 4.2.
@@ -289,7 +293,51 @@
- TODO: https://go.dev/cl/285872: disable signing with MD5WithRSA
+ CreateCertificate
+ no longer supports creating certificates with SignatureAlgorithm
+ set to MD5WithRSA
.
+
+ CreateCertificate
no longer accepts negative serial numbers.
+
+ ParseCertificate
+ and ParseCertificateRequest
+ now reject certificates and CSRs which contain duplicate extensions.
+
+ The new CertPool.Clone
+ and CertPool.Equal
+ methods allow cloning a CertPool
and checking the equality of two
+ CertPool
s respectively.
+
+ The new function ParseRevocationList
+ provides a faster, safer to use CRL parser which returns a
+ RevocationList
.
+ To support this addition, RevocationList
adds new fields
+ RawIssuer
, Signature
,
+ AuthorityKeyId
, and Extensions
.
+
+ The new method RevocationList.CheckSignatureFrom
+ checks that the signature on a CRL is a valid signature from a
+ Certificate.
+
+ With the new CRL functionality, the existing functions
+ ParseCRL
and
+ ParseDERCRL
are deprecated.
+ Additionally the method Certificate.CheckCRLSignature
+ is deprecated.
+
+ When building paths, Certificate.Verify
+ now considers certificates to be equal when the subjects, public keys, and SANs
+ are all equal. Before, it required byte-for-byte equality.
@@ -311,6 +359,17 @@
+ The types CertificateList
and
+ TBSCertificateList
+ have been deprecated. The new crypto/x509
CRL functionality
+ should be used instead.
+