Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(3154)

Issue 6304065: code review 6304065: crypto/x509: add extended key usage support. (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
8 years, 3 months ago by agl1
Modified:
8 years, 3 months ago
Reviewers:
CC:
golang-dev, rsc
Visibility:
Public.

Description

crypto/x509: add extended key usage support. Flame motivated me to get around to adding extended key usage support so that code signing certificates can't be used for TLS server authentication and vice versa.

Patch Set 1 #

Patch Set 2 : diff -r 86c67b73e566 https://code.google.com/p/go/ #

Patch Set 3 : diff -r 86c67b73e566 https://code.google.com/p/go/ #

Patch Set 4 : diff -r 86c67b73e566 https://code.google.com/p/go/ #

Total comments: 4

Patch Set 5 : diff -r f14046c7d922 https://code.google.com/p/go/ #

Patch Set 6 : diff -r f14046c7d922 https://code.google.com/p/go/ #

Unified diffs Side-by-side diffs Delta from patch set Stats (+201 lines, -1 line) Patch
M src/pkg/crypto/x509/verify.go View 1 2 3 4 5 chunks +92 lines, -1 line 0 comments Download
M src/pkg/crypto/x509/verify_test.go View 1 2 3 4 5 chunks +97 lines, -0 lines 0 comments Download
M src/pkg/crypto/x509/x509.go View 1 3 chunks +12 lines, -0 lines 0 comments Download

Messages

Total messages: 3
agl1
Hello golang-dev@googlegroups.com (cc: golang-dev@googlegroups.com), I'd like you to review this change to https://code.google.com/p/go/
8 years, 3 months ago (2012-06-14 21:50:45 UTC) #1
rsc
LGTM http://codereview.appspot.com/6304065/diff/5001/src/pkg/crypto/x509/verify.go File src/pkg/crypto/x509/verify.go (right): http://codereview.appspot.com/6304065/diff/5001/src/pkg/crypto/x509/verify.go#newcode30 src/pkg/crypto/x509/verify.go:30: // UnsupportedUsage results when the certificate's key usage ...
8 years, 3 months ago (2012-06-19 03:50:19 UTC) #2
agl1
8 years, 3 months ago (2012-06-20 20:19:44 UTC) #3
*** Submitted as http://code.google.com/p/go/source/detail?r=b7a1cd9f1a6c ***

crypto/x509: add extended key usage support.

Flame motivated me to get around to adding extended key usage support
so that code signing certificates can't be used for TLS server
authentication and vice versa.

R=golang-dev, rsc
CC=golang-dev
http://codereview.appspot.com/6304065

http://codereview.appspot.com/6304065/diff/5001/src/pkg/crypto/x509/verify.go
File src/pkg/crypto/x509/verify.go (right):

http://codereview.appspot.com/6304065/diff/5001/src/pkg/crypto/x509/verify.go...
src/pkg/crypto/x509/verify.go:30: // UnsupportedUsage results when the
certificate's key usage indicates
On 2012/06/19 03:50:19, rsc wrote:
> Unsupported makes me think that the implementation just doesn't do it yet. Is
> this the term of art? In the error message you used the word "incompatible",
> which has better connotations for me.

Done.

http://codereview.appspot.com/6304065/diff/5001/src/pkg/crypto/x509/verify.go...
src/pkg/crypto/x509/verify.go:194: keyUsages = append(keyUsages,
ExtKeyUsageServerAuth)
On 2012/06/19 03:50:19, rsc wrote:
> keyUsages = []ExtKeyUsage{ExtKeyUsageServerAuth}
> 
> just to make sure you're not scribbling on someone else's slice.

Done.
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b