[dev.boringcrypto] all: add boringcrypto build tags

A plain make.bash in this tree will produce a working,
standard Go toolchain, not a BoringCrypto-enabled one.

The BoringCrypto-enabled one will be created with:

	GOEXPERIMENT=boringcrypto ./make.bash

For #51940.

Change-Id: Ia9102ed993242eb1cb7f9b93eca97e81986a27b3
Reviewed-on: https://go-review.googlesource.com/c/go/+/395881
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
This commit is contained in:
Russ Cox 2022-04-27 09:02:52 -04:00
parent 707ce18f5e
commit f9f1229355
7 changed files with 40 additions and 7 deletions

View file

@ -812,13 +812,14 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error {
if c.config.ClientAuth >= VerifyClientCertIfGiven && len(certs) > 0 {
opts := x509.VerifyOptions{
IsBoring: isBoringCertificate,
Roots: c.config.ClientCAs,
CurrentTime: c.config.time(),
Intermediates: x509.NewCertPool(),
KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
}
if needFIPS() {
opts.IsBoring = isBoringCertificate
}
for _, cert := range certs[1:] {
opts.Intermediates.AddCert(cert)