crypto/x509: ignore Common Name by default
Common Name has been deprecated for 20 years, and has horrible interactions with Name Constraints. The browsers managed to drop it last year, let's try flicking the switch to disabled by default. Return helpful errors for things that would get unbroken by flipping the switch back with the environment variable. Had to refresh a test certificate that was too old to have SANs. Updates #24151 Change-Id: I2ab78577fd936ba67969d3417284dbe46e4ae02f Reviewed-on: https://go-review.googlesource.com/c/go/+/231379 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by:Katie Hockman <katie@golang.org>
Loading
Please sign in to comment