qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-22 05:44:41 -07:00
Code Releases Activity

Fix certificate validation.

Browse Source 
asn1: add support for T61String because this is the string type which
    several www.google.com certificates are now using for fields like
    CommonName
tls: force a handshake in Dial so that certificates are ready
    afterwards.

Fixes #1114.

R=rsc
CC=golang-dev
https://golang.org/cl/2216043
This commit is contained in:
Adam Langley 2010-09-20 10:32:08 -04:00
parent 724886b0c0
commit 6989f6e312
4 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/pkg/asn1/asn1.go
View File

@ -290,6 +290,14 @@ func parseIA5String(bytes []byte) (ret string, err os.Error) {
return return
} }
// T61String
// parseT61String parses a ASN.1 T61String (8-bit clean string) from the given
// byte array and returns it.
func parseT61String(bytes []byte) (ret string, err os.Error) {
return string(bytes), nil
}
// A RawValue represents an undecoded ASN.1 object. // A RawValue represents an undecoded ASN.1 object.
type RawValue struct { type RawValue struct {
Class, Tag int Class, Tag int
@ -472,6 +480,8 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam
result, err = parsePrintableString(innerBytes) result, err = parsePrintableString(innerBytes)
case tagIA5String: case tagIA5String:
result, err = parseIA5String(innerBytes) result, err = parseIA5String(innerBytes)
case tagT61String:
result, err = parseT61String(innerBytes)
case tagInteger: case tagInteger:
result, err = parseInt64(innerBytes) result, err = parseInt64(innerBytes)
case tagBitString: case tagBitString:
@ -689,6 +699,8 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam
v, err = parsePrintableString(innerBytes) v, err = parsePrintableString(innerBytes)
case tagIA5String: case tagIA5String:
v, err = parseIA5String(innerBytes) v, err = parseIA5String(innerBytes)
case tagT61String:
v, err = parseT61String(innerBytes)
default: default:
err = SyntaxError{fmt.Sprintf("internal error: unknown string type %d", universalTag)} err = SyntaxError{fmt.Sprintf("internal error: unknown string type %d", universalTag)}
} }

1
src/pkg/asn1/common.go
View File

@ -28,6 +28,7 @@ const (
tagSequence = 16 tagSequence = 16
tagSet = 17 tagSet = 17
tagPrintableString = 19 tagPrintableString = 19
tagT61String = 20
tagIA5String = 22 tagIA5String = 22
tagUTCTime = 23 tagUTCTime = 23
tagGeneralizedTime = 24 tagGeneralizedTime = 24

10
src/pkg/crypto/tls/conn.go
View File

@ -675,5 +675,13 @@ func (c *Conn) PeerCertificates() []*x509.Certificate {
// connecting to host. If so, it returns nil; if not, it returns an os.Error // connecting to host. If so, it returns nil; if not, it returns an os.Error
// describing the problem. // describing the problem.
func (c *Conn) VerifyHostname(host string) os.Error { func (c *Conn) VerifyHostname(host string) os.Error {
return c.PeerCertificates()[0].VerifyHostname(host) c.handshakeMutex.Lock()
defer c.handshakeMutex.Unlock()
if !c.isClient {
return os.ErrorString("VerifyHostname called on TLS server connection")
}
if !c.handshakeComplete {
return os.ErrorString("TLS handshake has not yet been performed")
}
return c.peerCertificates[0].VerifyHostname(host)
} }

8
src/pkg/crypto/tls/tls.go
View File

@ -67,7 +67,13 @@ func Dial(network, laddr, raddr string) (net.Conn, os.Error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
return Client(c, nil), nil conn := Client(c, nil)
err = conn.Handshake()
if err == nil {
return conn, nil
}
c.Close()
return nil, err
} }
// LoadX509KeyPair // LoadX509KeyPair