Stowage/go
2
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-12-08 06:10:04 +00:00
Code Issues Projects Releases Packages Wiki Activity
9981 commits 64 branches 468 tags 812 MiB
Commit graph

5 commits

Author SHA1 Message Date
Robert Griesemer
61650b21d6 cleanup: gofmt -s -w src misc 
R=r
CC=golang-dev
https://golang.org/cl/4984052
 2011-09-06 16:04:55 -07:00
Adam Langley
d1d466f620 crypto/x509: prevent chain cycles in Verify 
It's possible to include a self-signed root certificate as an
intermediate and push Verify into a loop.

I already had a test for this so I thought that it was ok, but it
turns out that the test was void because the Verisign root certificate
doesn't contain the "IsCA" flag and so it wasn't an acceptable
intermediate certificate for that reason.

R=bradfitz
CC=golang-dev
https://golang.org/cl/4657080
 2011-07-07 18:06:50 -04:00
Robert Griesemer
712fb6dcd3 os.Error API: don't export os.ErrorString, use os.NewError consistently 
This is a core API change.

1) gofix misc src
2) Manual adjustments to the following files under src/pkg:
   gob/decode.go
   rpc/client.go
   os/error.go
   io/io.go
   bufio/bufio.go
   http/request.go
   websocket/client.go
as well as:
   src/cmd/gofix/testdata/*.go.in (reverted)
   test/fixedbugs/bug243.go
3) Implemented gofix patch (oserrorstring.go) and test case (oserrorstring_test.go)

Compiles and runs all tests.

R=r, rsc, gri
CC=golang-dev
https://golang.org/cl/4607052
 2011-06-22 10:52:47 -07:00
Adam Langley
8803d57f3e crypto/x509: memorize chain building. 
I ran the new verification code against a large number of certificates
with a huge (>1000) number of intermediates.

I had previously convinced myself that a cycle in the certificate
graph implied a cycle in the hash graph (and thus, a contradiction).
This is bogus because the signatures don't cover each other.

Secondly, I managed to drive the verification into a time explosion
with a fully connected graph of certificates. The code would try to
walk the factorial number of paths.

This change switches the CertPool to dealing with indexes of
certificates rather than pointers: this makes equality easy. (I didn't
want to compare pointers because a reasonable gc could move objects
around over time.)

Secondly, verification now memorizes the chains from a given
certificate. This is dynamic programming for the lazy, but there's a
solid reason behind it: dynamic programming would ignore the Issuer
hints that we can exploit by walking up the chain rather than down.

R=bradfitzgo
CC=golang-dev
https://golang.org/cl/4439070
 2011-04-26 10:26:22 -04:00
Adam Langley
c24c6d8340 crypto: move certificate verification into x509. 
People have a need to verify certificates in situations other than TLS
client handshaking. Thus this CL moves certificate verification into
x509 and expands its abilities.

R=bradfitzgo
CC=golang-dev
https://golang.org/cl/4407046
 2011-04-19 09:57:58 -04:00