Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: intermediates with unknown critical extensions not rejected #22260

Closed
rsc opened this issue Oct 13, 2017 · 2 comments
Closed

crypto/x509: intermediates with unknown critical extensions not rejected #22260

rsc opened this issue Oct 13, 2017 · 2 comments

Comments

@rsc
Copy link
Contributor

@rsc rsc commented Oct 13, 2017

From CL 69294:

In https://golang.org/cl/9390 I messed up and put the critical extension
test in the wrong function. Thus it only triggered for leaf certificates
and not for intermediates or roots.

In practice, this is not expected to have a security impact in the web
PKI.

Per @agl, we should backport this to Go 1.9 and Go 1.8 as part of our regular point releases, but it doesn't warrant a special pre-announced security release (because, as the description says, it "is not expected to have a security impact in web PKI").

@rsc
Copy link
Contributor Author

@rsc rsc commented Oct 13, 2017

CL 69294 OK for Go 1.9.2.

@rsc
Copy link
Contributor Author

@rsc rsc commented Oct 26, 2017

go1.9.2 has been packaged and includes:

The release is posted at golang.org/dl.

— golang.org/x/build/cmd/releasebot, Oct 26 21:09:24 UTC

@rsc rsc closed this Oct 26, 2017
@golang golang locked and limited conversation to collaborators Oct 26, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.