summaryrefslogtreecommitdiffstats
path: root/llgo/third_party/gofrontend/libgo/go/crypto/x509/verify.go
diff options
context:
space:
mode:
Diffstat (limited to 'llgo/third_party/gofrontend/libgo/go/crypto/x509/verify.go')
-rw-r--r--llgo/third_party/gofrontend/libgo/go/crypto/x509/verify.go9
1 files changed, 8 insertions, 1 deletions
diff --git a/llgo/third_party/gofrontend/libgo/go/crypto/x509/verify.go b/llgo/third_party/gofrontend/libgo/go/crypto/x509/verify.go
index ec1981423db..21b870c1712 100644
--- a/llgo/third_party/gofrontend/libgo/go/crypto/x509/verify.go
+++ b/llgo/third_party/gofrontend/libgo/go/crypto/x509/verify.go
@@ -215,6 +215,10 @@ func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err e
return c.systemVerify(&opts)
}
+ if len(c.UnhandledCriticalExtensions) > 0 {
+ return nil, UnhandledCriticalExtension{}
+ }
+
if opts.Roots == nil {
opts.Roots = systemRootsPool()
if opts.Roots == nil {
@@ -323,6 +327,9 @@ nextIntermediate:
}
func matchHostnames(pattern, host string) bool {
+ host = strings.TrimSuffix(host, ".")
+ pattern = strings.TrimSuffix(pattern, ".")
+
if len(pattern) == 0 || len(host) == 0 {
return false
}
@@ -335,7 +342,7 @@ func matchHostnames(pattern, host string) bool {
}
for i, patternPart := range patternParts {
- if patternPart == "*" {
+ if i == 0 && patternPart == "*" {
continue
}
if patternPart != hostParts[i] {
OpenPOWER on IntegriCloud