Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
crypto/x509: CANotAuthorizedForExtKeyUsage is a bogus error [1.10 backport] #25258
This change brings back the EKU checking from 1.9. In 1.10, we checked EKU nesting independent of the requested EKUs so that, after verifying a certifciate, one could inspect the EKUs in the leaf and trust them. That, however, was too optimistic. I had misunderstood that the PKI was /currently/ clean enough to require that, rather than it being desirable. Go generally does not push the envelope on these sorts of things and lets the browsers clear the path first. Fixes #25258 Change-Id: I18c070478e3bbb6468800ae461c207af9e954949 Reviewed-on: https://go-review.googlesource.com/113475 Reviewed-by: Filippo Valsorda <email@example.com> (cherry picked from commit 180e0f8a1b149bd1d15df29b6527748266cacad9) Reviewed-on: https://go-review.googlesource.com/114035 Run-TryBot: Filippo Valsorda <firstname.lastname@example.org> TryBot-Result: Gobot Gobot <email@example.com> Reviewed-by: Andrew Bonventre <firstname.lastname@example.org>