mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-03 20:17:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: don't use CN in BuildNameToCertificate if SANs are present

Browse source 
Change-Id: I18d5b9fc392a6a52fbdd240254d6d9db838073a4
Reviewed-on: https://go-review.googlesource.com/c/go/+/266540
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
This commit is contained in:
Filippo Valsorda 2020-10-30 16:12:13 +01:00
parent f3c794cde3
commit d115185b7d
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
common.go
View file

@ -1263,7 +1263,9 @@ func (c *Config) BuildNameToCertificate() {
if err != nil {
continue
}
if len(x509Cert.Subject.CommonName) > 0 {
// If SANs are *not* present, some clients will consider the certificate
// valid for the name in the Common Name.
if x509Cert.Subject.CommonName != "" && len(x509Cert.DNSNames) == 0 {
c.NameToCertificate[x509Cert.Subject.CommonName] = cert
}
for _, san := range x509Cert.DNSNames {