)]}' { "commit": "d86eb1bbb32c622490241032fae4e24782aeff91", "tree": "b6dc461bec7a852a6b9c2490446c1a8229e3941b", "parents": [ "923feba60897676019b00d017ae4eba796a1f6ff" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Wed Apr 17 17:38:52 2019 -0500" }, "committer": { "name": "Adam Langley", "email": "agl@google.com", "time": "Thu Apr 18 18:37:36 2019 +0000" }, "message": "Disable the common name fallback on *any* SAN list.\n\nThis aligns with the Go crypto/x509 behavior and reduces the cases when\nthe SAN to CN fallback occurs. If the certificate is new enough to have\na SAN list, even if it only contains email or IP addresses, it is\nreasonable to assume the certificate is new enough that the common name\nis not a DNS name.\n\nUpdate-Note: Our certificate verification is getting slightly stricter.\nChange-Id: I9e3466d8dd8a722405c546181a589f797efa43f9\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35647\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "93bb582e8693a7e0f41ea6b14c2bbe1dc53dec6b", "old_mode": 33188, "old_path": "crypto/x509/x509_test.cc", "new_id": "517635edec6792c81c3755dd6cea094b1a254f0c", "new_mode": 33188, "new_path": "crypto/x509/x509_test.cc" }, { "type": "modify", "old_id": "ebda63aa4950249db8fbf5793830fe8efed07883", "old_mode": 33188, "old_path": "crypto/x509v3/v3_utl.c", "new_id": "51db47874a737fd2af8aecf2b0296193a66d941b", "new_mode": 33188, "new_path": "crypto/x509v3/v3_utl.c" } ] }