Add OCSP stapling and SCT list support to 1.3 servers in Go.
Change-Id: Iee1ff6032ea4188440e191f98f07d84fed7ac36d Reviewed-on: https://boringssl-review.googlesource.com/8630 Reviewed-by: David Benjamin <davidben@google.com>
parent
728eed8277
commit
615119a9e9
@ -391,6 +391,15 @@ Curves:
|
||||
c.out.updateKeys(deriveTrafficAEAD(c.vers, hs.suite, handshakeTrafficSecret, handshakePhase, serverWrite), c.vers)
|
||||
c.in.updateKeys(deriveTrafficAEAD(c.vers, hs.suite, handshakeTrafficSecret, handshakePhase, clientWrite), c.vers)
|
||||
|
||||
if hs.suite.flags&suitePSK != 0 {
|
||||
if hs.clientHello.ocspStapling {
|
||||
encryptedExtensions.extensions.ocspResponse = hs.cert.OCSPStaple
|
||||
}
|
||||
if hs.clientHello.sctListSupported {
|
||||
encryptedExtensions.extensions.sctList = hs.cert.SignedCertificateTimestampList
|
||||
}
|
||||
}
|
||||
|
||||
// Send EncryptedExtensions.
|
||||
hs.writeServerHash(encryptedExtensions.marshal())
|
||||
c.writeRecord(recordTypeHandshake, encryptedExtensions.marshal())
|
||||
|
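Review bot: The new guard `if hs.suite.flags&suitePSK != 0` attaches the OCSP staple and SCT list only when the suite has the PSK flag set, which looks inverted, since both values are read from `hs.cert` and describe the server certificate. If PSK suites skip the Certificate message here (not visible in this hunk), the condition should presumably read `if hs.suite.flags&suitePSK == 0 {`, with a comment such as `// Certificate-bound extensions are sent only when the server authenticates with a certificate.` to record the intent. It is also worth confirming that `hs.cert` is non-nil on whichever branch is taken, because both assignments dereference it without a check. The enclosing function begins and ends outside the hunk.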