mirror of
https://github.com/golang/go
synced 2024-11-24 23:07:56 -07:00
Fix certificate validation.
asn1: add support for T61String because this is the string type which several www.google.com certificates are now using for fields like CommonName tls: force a handshake in Dial so that certificates are ready afterwards. Fixes #1114. R=rsc CC=golang-dev https://golang.org/cl/2216043
This commit is contained in:
parent
724886b0c0
commit
6989f6e312
@ -290,6 +290,14 @@ func parseIA5String(bytes []byte) (ret string, err os.Error) {
|
||||
return
|
||||
}
|
||||
|
||||
// T61String
|
||||
|
||||
// parseT61String parses a ASN.1 T61String (8-bit clean string) from the given
|
||||
// byte array and returns it.
|
||||
func parseT61String(bytes []byte) (ret string, err os.Error) {
|
||||
return string(bytes), nil
|
||||
}
|
||||
|
||||
// A RawValue represents an undecoded ASN.1 object.
|
||||
type RawValue struct {
|
||||
Class, Tag int
|
||||
@ -472,6 +480,8 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam
|
||||
result, err = parsePrintableString(innerBytes)
|
||||
case tagIA5String:
|
||||
result, err = parseIA5String(innerBytes)
|
||||
case tagT61String:
|
||||
result, err = parseT61String(innerBytes)
|
||||
case tagInteger:
|
||||
result, err = parseInt64(innerBytes)
|
||||
case tagBitString:
|
||||
@ -689,6 +699,8 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam
|
||||
v, err = parsePrintableString(innerBytes)
|
||||
case tagIA5String:
|
||||
v, err = parseIA5String(innerBytes)
|
||||
case tagT61String:
|
||||
v, err = parseT61String(innerBytes)
|
||||
default:
|
||||
err = SyntaxError{fmt.Sprintf("internal error: unknown string type %d", universalTag)}
|
||||
}
|
||||
|
@ -28,6 +28,7 @@ const (
|
||||
tagSequence = 16
|
||||
tagSet = 17
|
||||
tagPrintableString = 19
|
||||
tagT61String = 20
|
||||
tagIA5String = 22
|
||||
tagUTCTime = 23
|
||||
tagGeneralizedTime = 24
|
||||
|
@ -675,5 +675,13 @@ func (c *Conn) PeerCertificates() []*x509.Certificate {
|
||||
// connecting to host. If so, it returns nil; if not, it returns an os.Error
|
||||
// describing the problem.
|
||||
func (c *Conn) VerifyHostname(host string) os.Error {
|
||||
return c.PeerCertificates()[0].VerifyHostname(host)
|
||||
c.handshakeMutex.Lock()
|
||||
defer c.handshakeMutex.Unlock()
|
||||
if !c.isClient {
|
||||
return os.ErrorString("VerifyHostname called on TLS server connection")
|
||||
}
|
||||
if !c.handshakeComplete {
|
||||
return os.ErrorString("TLS handshake has not yet been performed")
|
||||
}
|
||||
return c.peerCertificates[0].VerifyHostname(host)
|
||||
}
|
||||
|
@ -67,7 +67,13 @@ func Dial(network, laddr, raddr string) (net.Conn, os.Error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return Client(c, nil), nil
|
||||
conn := Client(c, nil)
|
||||
err = conn.Handshake()
|
||||
if err == nil {
|
||||
return conn, nil
|
||||
}
|
||||
c.Close()
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// LoadX509KeyPair
|
||||
|
Loading…
Reference in New Issue
Block a user