Skip to content

x/crypto/x509roots: apply constraints with CertPool.AddCertWithConstraint #70623

New issue
New issue
Closed
Closed
x/crypto/x509roots: apply constraints with CertPool.AddCertWithConstraint#70623
Labels
FixPendingIssues that have a fix which has not yet been reviewed or submitted.NeedsFixThe path to resolution is known, but the work has not been done.Security
Milestone
Unreleased
@FiloSottile

Description

@FiloSottile
FiloSottile
opened on Dec 1, 2024

Now that #57178 has landed, we should use CertPool.AddCertWithConstraint to apply nss.Constraint values.

In particular, the Entrust root now has a Distrust After of November 30, 2024 that we need to apply.

/cc @golang/security

Metadata

Metadata

Assignees

No one assigned

    Labels

    FixPendingIssues that have a fix which has not yet been reviewed or submitted.NeedsFixThe path to resolution is known, but the work has not been done.Security

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions