qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-19 23:04:40 -07:00
Code Releases Activity

crypto/tls: add client-side SNI support and PeerCertificates.

Browse Source 
SNI (Server Name Indication) is a way for a TLS client to
indicate to the server which name it knows the server by. This
allows the server to have several names and return the correct
certificate for each (virtual hosting).

PeerCertificates returns the list of certificates presented by
server.

R=r
CC=golang-dev
https://golang.org/cl/1741053
This commit is contained in:
Adam Langley 2010-07-21 11:36:01 -04:00
parent 8286ee4c5b
commit 7be849d4a6
4 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/pkg/crypto/tls/common.go
View File

@ -85,6 +85,9 @@ type Config struct {
// NextProtos is a list of supported, application level protocols. // NextProtos is a list of supported, application level protocols.
// Currently only server-side handling is supported. // Currently only server-side handling is supported.
NextProtos []string NextProtos []string
// ServerName is included in the client's handshake to support virtual
// hosting.
ServerName string
} }
type Certificate struct { type Certificate struct {

11
src/pkg/crypto/tls/conn.go
View File

@ -5,6 +5,7 @@ package tls
import ( import (
"bytes" "bytes"
"crypto/subtle" "crypto/subtle"
"crypto/x509"
"hash" "hash"
"io" "io"
"net" "net"
@ -27,6 +28,7 @@ type Conn struct {
handshakeComplete bool handshakeComplete bool
cipherSuite uint16 cipherSuite uint16
ocspResponse []byte // stapled OCSP response ocspResponse []byte // stapled OCSP response
peerCertificates []*x509.Certificate
clientProtocol string clientProtocol string
@ -651,3 +653,12 @@ func (c *Conn) OCSPResponse() []byte {
return c.ocspResponse return c.ocspResponse
} }
// PeerCertificates returns the certificate chain that was presented by the
// other side.
func (c *Conn) PeerCertificates() []*x509.Certificate {
c.handshakeMutex.Lock()
defer c.handshakeMutex.Unlock()
return c.peerCertificates
}

3
src/pkg/crypto/tls/handshake_client.go
View File

@ -28,6 +28,7 @@ func (c *Conn) clientHandshake() os.Error {
compressionMethods: []uint8{compressionNone}, compressionMethods: []uint8{compressionNone},
random: make([]byte, 32), random: make([]byte, 32),
ocspStapling: true, ocspStapling: true,
serverName: c.config.ServerName,
} }
t := uint32(c.config.Time()) t := uint32(c.config.Time())
@ -107,6 +108,8 @@ func (c *Conn) clientHandshake() os.Error {
return c.sendAlert(alertUnsupportedCertificate) return c.sendAlert(alertUnsupportedCertificate)
} }
c.peerCertificates = certs
if serverHello.certStatus { if serverHello.certStatus {
msg, err = c.readHandshake() msg, err = c.readHandshake()
if err != nil { if err != nil {

3
src/pkg/crypto/tls/handshake_messages.go
View File

@ -100,7 +100,8 @@ func (m *clientHelloMsg) marshal() []byte {
// ServerName server_name_list<1..2^16-1> // ServerName server_name_list<1..2^16-1>
// } ServerNameList; // } ServerNameList;
z[1] = 1 z[0] = byte((len(m.serverName) + 3) >> 8)
z[1] = byte(len(m.serverName) + 3)
z[3] = byte(len(m.serverName) >> 8) z[3] = byte(len(m.serverName) >> 8)
z[4] = byte(len(m.serverName)) z[4] = byte(len(m.serverName))
copy(z[5:], []byte(m.serverName)) copy(z[5:], []byte(m.serverName))