x/crypto/x509roots: "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" should be constrained

[FiloSottile]

The root with CN TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 has Mozilla Applied Constraints of *.tr in the https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV report, but appears unconstrained in the fallback bundle.

/cc @rolandshoemaker

[rolandshoemaker]

Assuming this constraint is an additional Mozilla one, we need https://go.dev/issue/57178 to enforce it (in the meantime perhaps we should not be including it in the bundle).

[rolandshoemaker]

It turns out that Mozilla doesn't fully encode trust decision information in certdata.txt, per https://wiki.mozilla.org/CA/Included_Certificates:

If you are embedding our root store, you need to know that we have imposed some restrictions on certain CAs or certificates which are not encoded in certdata.txt. These are documented on a best-efforts basis.

I was partially aware of this, i.e. with regard to the Symantec CT restrictions, but I wasn't aware the additional name constraints were also part of this. It turns out that the only additional name constraint is for this specific root.

We could conceivably also consume https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV to add these additional constraints, but the "Mozilla Applied Constraints" field here is not explicitly documented anywhere (as far as I can tell), so assuming it will always be a single name (or that it'll be a name at all and not something entirely different) is perhaps a pitfall.

We could manually encode this particular restriction, not in the certdata parser itself, but in the root bundle generator. But that is also fragile.

[gopherbot]

Change https://go.dev/cl/562475 mentions this issue: x509roots: manually exclude a confusingly constrained root