Google Git
Sign in
go / crypto / 089bfa5675191fd96a44247682f76ebca03d7916
commit089bfa5675191fd96a44247682f76ebca03d7916[log] [tgz]
authorJames Hartig <fastest963@gmail.com>Fri Dec 11 22:52:14 2020 -0500
committerFilippo Valsorda <filippo@golang.org>Tue Sep 21 15:51:07 2021 +0000
treed26f50954113cc7d02d918c073af488fd51a4de5
parent84f357641f6309f0bc8d2d3f445107e46d6a5101 [diff]
acme: implement Client.ListCertAlternates

Let's Encrypt is defaulting to a longer cross-signed chain on May 4th,
2021 but will offer the ability to download the shorter chain via an
alternate URL via a link header [1]. The shorter chain can be selected
to workaround a validation bug in legacy versions of OpenSSL, GnuTLS,
and LibreSSL. The alternate relation is described in section 7.4.2 of
RFC 8555.

ListCertAlternates should be passed the original certificate chain URL
and will return a list of alternate chain URLs that can be passed to
FetchCert to download.

Fixes golang/go#42437

[1] https://community.letsencrypt.org/t/production-chain-changes/150739

Change-Id: Iaa32e49cb1322ac79ac1a5b4b7980d5401f4b86e
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/277294
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
2 files changed
tree: d26f50954113cc7d02d918c073af488fd51a4de5
  1. acme/
  2. argon2/
  3. bcrypt/
  4. blake2b/
  5. blake2s/
  6. blowfish/
  7. bn256/
  8. cast5/
  9. chacha20/
  10. chacha20poly1305/
  11. cryptobyte/
  12. curve25519/
  13. ed25519/
  14. hkdf/
  15. internal/
  16. md4/
  17. nacl/
  18. ocsp/
  19. openpgp/
  20. otr/
  21. pbkdf2/
  22. pkcs12/
  23. poly1305/
  24. ripemd160/
  25. salsa20/
  26. scrypt/
  27. sha3/
  28. ssh/
  29. tea/
  30. twofish/
  31. xtea/
  32. xts/
  33. .gitattributes
  34. .gitignore
  35. AUTHORS
  36. codereview.cfg
  37. CONTRIBUTING.md
  38. CONTRIBUTORS
  39. go.mod
  40. go.sum
  41. LICENSE
  42. PATENTS
  43. README.md
README.md

Go Cryptography

Go Reference

This repository holds supplementary Go cryptography libraries.

Download/Install

The easiest way to install is to run go get -u golang.org/x/crypto/.... You can also manually git clone the repository to $GOPATH/src/golang.org/x/crypto.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.

The main issue tracker for the crypto repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/crypto:” in the subject line, so it is easy to find.

Note that contributions to the cryptography package receive additional scrutiny due to their sensitive nature. Patches may take longer than normal to receive feedback.