rpms / golang

Clone
Source Code
GIT

Blame SOURCES/golang-1.15-warnCN.patch

c7 c7-alt c7-i686 c8-beta-stream-rhel8 c8-stream-rhel8 c8s-stream-rhel8 c9 c9-beta
  1.   a69e7d507c0a11aa4ac7b43b4d66dbbe91987fc2
  2.   SOURCES
  3.   golang-1.15-warnCN.patch
Blob History Raw
a69e7d 
diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go
a69e7d 
index 50f4d4a..121fd1b 100644
a69e7d 
--- a/src/crypto/x509/verify.go
a69e7d 
+++ b/src/crypto/x509/verify.go
a69e7d 
@@ -20,6 +20,9 @@ import (
a69e7d
a69e7d 
 // ignoreCN disables interpreting Common Name as a hostname. See issue 24151.
a69e7d 
 var ignoreCN = !strings.Contains(os.Getenv("GODEBUG"), "x509ignoreCN=0")
a69e7d 
+// if using Common Name as a hostname is enabled via x509ignoreCN=0,
a69e7d 
+// warnCN enables a warning whenever Common Name is interpreted as a hostname.
a69e7d 
+var warnCN = strings.Contains(os.Getenv("GODEBUG"), "x509warnCN=1")
a69e7d
a69e7d 
 type InvalidReason int
a69e7d
a69e7d 
@@ -1078,6 +1081,10 @@ func (c *Certificate) VerifyHostname(h string) error {
a69e7d 
 	names := c.DNSNames
a69e7d 
 	if c.commonNameAsHostname() {
a69e7d 
 		names = []string{c.Subject.CommonName}
a69e7d 
+		if warnCN {
a69e7d 
+			fmt.Fprintf(os.Stderr, "x509: Warning - certificate relies on legacy Common Name field. " +
a69e7d 
+				"Using CN without SAN is deprecated and will not work in future versions.\n")
a69e7d 
+		}
a69e7d 
 	}
a69e7d
a69e7d 
 	candidateName := toLowerCaseASCII(h) // Save allocations inside the loop.

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation