Cypherpunks.ru repositories - gostls13.git/commit
crypto/x509: add support for CertPool to load certs lazily
author: Brad Fitzpatrick <bradfitz@golang.org>
Fri, 24 Apr 2020 15:04:16 +0000 (08:04 -0700)
committer: Brad Fitzpatrick <bradfitz@golang.org>
Sat, 7 Nov 2020 16:59:40 +0000 (16:59 +0000)
commit: e8379ab5964a920e59dbcc5bc4eaa1bbf5a88e90
tree: 7ead9ce2329488bdf6c197c429ada8a74d607461
parent: 2c80de74d57de74cc50ba7195392cada4e9c3ea2
crypto/x509: add support for CertPool to load certs lazily

This will allow building CertPools that consume less memory. (Most
certs are never accessed. Different users/programs access different
ones, but not many.)

This CL only adds the new internal mechanism (and uses it for the
old AddCert) but does not modify any existing root pool behavior.
(That is, the default Unix roots are still all slurped into memory as
of this CL)

Change-Id: Ib3a42e4050627b5e34413c595d8ced839c7bfa14
Reviewed-on: https://go-review.googlesource.com/c/go/+/229917
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Brad Fitzpatrick <bradfitz@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
src/crypto/x509/cert_pool.go
src/crypto/x509/name_constraints_test.go
src/crypto/x509/root_cgo_darwin.go
src/crypto/x509/root_darwin_test.go
src/crypto/x509/root_unix.go
src/crypto/x509/root_unix_test.go
src/crypto/x509/root_windows.go
src/crypto/x509/verify.go
src/crypto/x509/x509_test.go