diff options
author | Filippo Valsorda <filippo@golang.org> | 2020-07-17 03:52:23 -0400 |
---|---|---|
committer | Filippo Valsorda <filippo@golang.org> | 2020-07-24 17:09:32 +0000 |
commit | 074f2d800f2c7b741a080081cfcc5295b375b23d (patch) | |
tree | e9ad848b197386b039cc5365f6117e943791dd0a /doc | |
parent | 78c20c81aaa7d8d8a4aa2132806f51fb68f33a1e (diff) | |
download | go-074f2d800f2c7b741a080081cfcc5295b375b23d.tar.gz go-074f2d800f2c7b741a080081cfcc5295b375b23d.zip |
doc/go1.15: surface the crypto/x509 CommonName deprecation note
Updates #39568
Updates #37419
Updates #24151
Change-Id: I44c940e09e26a039076396bbfecb2b1574197cf7
Reviewed-on: https://go-review.googlesource.com/c/go/+/243221
Reviewed-by: Kevin Burke <kev@inburke.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/go1.15.html | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/doc/go1.15.html b/doc/go1.15.html index 0cbc9be60d..42687a4741 100644 --- a/doc/go1.15.html +++ b/doc/go1.15.html @@ -386,6 +386,23 @@ Do not send CLs removing the interior tags from such phrases. documentation</a> for more information. </p> +<h3 id="commonname">X.509 CommonName deprecation</h3> + +<p><!-- CL 231379 --> + The deprecated, legacy behavior of treating the <code>CommonName</code> + field on X.509 certificates as a host name when no Subject Alternative Names + are present is now disabled by default. It can be temporarily re-enabled by + adding the value <code>x509ignoreCN=0</code> to the <code>GODEBUG</code> + environment variable. +</p> + +<p> + Note that if the <code>CommonName</code> is an invalid host name, it's always + ignored, regardless of <code>GODEBUG</code> settings. Invalid names include + those with any characters other than letters, digits, hyphens and underscores, + and those with empty labels or trailing dots. +</p> + <h3 id="minor_library_changes">Minor changes to the library</h3> <p> @@ -523,15 +540,6 @@ Do not send CLs removing the interior tags from such phrases. certificates with trailing dots. </p> - <p><!-- CL 231379 --> - The deprecated, legacy behavior of treating the <code>CommonName</code> - field as a hostname when no Subject Alternative Names are present is now - disabled by default. It can be temporarily re-enabled by adding the value - <code>x509ignoreCN=0</code> to the <code>GODEBUG</code> environment - variable. If the <code>CommonName</code> is an invalid hostname, it's - always ignored. - </p> - <p><!-- CL 217298 --> The new <a href="/pkg/crypto/x509/#CreateRevocationList"><code>CreateRevocationList</code></a> function and <a href="/pkg/crypto/x509/#RevocationList"><code>RevocationList</code></a> type |