crypto/x509: enforce Name Constraints on intermediates with SANs

[FiloSottile]

We currently only enforce Name Constraints on the leaf SANs, while according to RFC 5280, Section 6.1.3(b), we should also enforce it on intermediates with SANs. No security impact on WebPKI-like cases, but also no expected breakage.

/cc @rolandshoemaker

[Skarlso]

Hi @FiloSottile

Would you mind if I take this one? :)

I don't have much familiarity with this package also I vaguely are aware of RFC 5280... But I'm eager to re-read it.

If you have pointers, please don't hesitate to share, otherwise, I'll go rummage around in Code.

[gopherbot]

Change https://go.dev/cl/389555 mentions this issue: crypto/x509: rework path building