-rw-r--r--src/crypto/x509/root_windows.go3
-rw-r--r--src/crypto/x509/root_windows_test.go10
-rw-r--r--src/crypto/x509/verify_test.go12
3 files changed, 24 insertions, 1 deletions
diff --git a/src/crypto/x509/root_windows.go b/src/crypto/x509/root_windows.go
index 76d6e6ac70..11a4257b01 100644
--- a/src/crypto/x509/root_windows.go
+++ b/src/crypto/x509/root_windows.go
@@ -7,6 +7,7 @@ package x509
import (
"bytes"
"errors"
+ "strings"
"syscall"
"unsafe"
)
@@ -109,7 +110,7 @@ func checkChainTrustStatus(c *Certificate, chainCtx *syscall.CertChainContext) e
// checkChainSSLServerPolicy checks that the certificate chain in chainCtx is valid for
// use as a certificate chain for a SSL/TLS server.
func checkChainSSLServerPolicy(c *Certificate, chainCtx *syscall.CertChainContext, opts *VerifyOptions) error {
- servernamep, err := syscall.UTF16PtrFromString(opts.DNSName)
+ servernamep, err := syscall.UTF16PtrFromString(strings.TrimSuffix(opts.DNSName, "."))
if err != nil {
return err
}
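Review bot: The trimmed name goes straight into `syscall.UTF16PtrFromString` with no check that anything is left, so a `DNSName` of `"."` becomes an empty server name for the Windows SSL policy check. Whether an empty name makes that check skip hostname matching is not visible here, since the function body and the caller's guard are outside the hunk. It would be safer to trim into a local and reject the empty result: `name := strings.TrimSuffix(opts.DNSName, ".")` followed by `if name == "" { return HostnameError{c, opts.DNSName} }`. A one-line comment above the call, along the lines of `// Strip the trailing root-label dot before handing the name to the platform verifier.`, would record why caller input is altered; note that only one dot is removed, so a name ending in `..` still reaches the API with a trailing dot.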
diff --git a/src/crypto/x509/root_windows_test.go b/src/crypto/x509/root_windows_test.go
index f6dafe4004..54dbc161dc 100644
--- a/src/crypto/x509/root_windows_test.go
+++ b/src/crypto/x509/root_windows_test.go
@@ -52,6 +52,16 @@ func TestPlatformVerifier(t *testing.T) {
host: "google.com",
},
{
+ name: "valid chain (dns check)",
+ host: "google.com",
+ verifyName: "google.com",
+ },
+ {
+ name: "valid chain (fqdn dns check)",
+ host: "google.com.",
+ verifyName: "google.com.",
+ },
+ {
name: "expired leaf",
host: "expired.badssl.com",
expectedErr: "x509: certificate has expired or is not yet valid: ",
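Review bot: Both entries added here, and the `Valid (fqdn)` entry added to verify_test.go, exercise only the accepting path, so nothing pins that a trailing-dot name which does not match the certificate is still rejected. A mismatch case would guard against the trim widening what is accepted: an entry whose `host` serves a valid chain but whose `verifyName` is a different name ending in `.`, with the matching hostname `expectedErr`. An entry with two trailing dots would also document that only a single dot is stripped. The tables continue outside these hunks, so such cases may already exist further down.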
diff --git a/src/crypto/x509/verify_test.go b/src/crypto/x509/verify_test.go
index 164c47fd6d..988b17e15d 100644
--- a/src/crypto/x509/verify_test.go
+++ b/src/crypto/x509/verify_test.go
@@ -53,6 +53,18 @@ var verifyTests = []verifyTest{
},
},
{
+ name: "Valid (fqdn)",
+ leaf: googleLeaf,
+ intermediates: []string{gtsIntermediate},
+ roots: []string{gtsRoot},
+ currentTime: 1677615892,
+ dnsName: "www.google.com.",
+
+ expectedChains: [][]string{
+ {"www.google.com", "GTS CA 1C3", "GTS Root R1"},
+ },
+ },
+ {
name: "MixedCase",
leaf: googleLeaf,
intermediates: []string{gtsIntermediate},