Описание
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-1.24 | fixed | 1.24.4-1 | package | |
| golang-1.23 | not-affected | package | ||
| golang-1.19 | not-affected | package | ||
| golang-1.15 | not-affected | package |
Примечания
https://github.com/golang/go/issues/73612
Fixed by: https://github.com/golang/go/commit/03811ab1b31525e8d779997db169c6fedab7c505 (go1.24.4)
Introduced with: https://github.com/golang/go/commit/e8d95619978c4602d4446f113b3b69b7a22308fa (go1.24rc1)
Связанные уязвимости
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
Usage of ExtKeyUsageAny disables policy validation in crypto/x509
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.