src/pkg/[a-m]*: gofix -r error -force=error

R=golang-dev, iant
CC=golang-dev
https://golang.org/cl/5322051
This commit is contained in:
Russ Cox 2011-11-01 22:04:37 -04:00
parent bc69be28e7
commit 107fb7400c
8 changed files with 82 additions and 85 deletions

View File

@ -13,7 +13,6 @@ import (
"crypto/sha1"
"crypto/x509"
"hash"
"os"
)
// a keyAgreement implements the client and server side of a TLS key agreement
@ -24,15 +23,15 @@ type keyAgreement interface {
// In the case that the key agreement protocol doesn't use a
// ServerKeyExchange message, generateServerKeyExchange can return nil,
// nil.
generateServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg) (*serverKeyExchangeMsg, os.Error)
processClientKeyExchange(*Config, *clientKeyExchangeMsg, uint16) ([]byte, os.Error)
generateServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg) (*serverKeyExchangeMsg, error)
processClientKeyExchange(*Config, *clientKeyExchangeMsg, uint16) ([]byte, error)
// On the client side, the next two methods are called in order.
// This method may not be called if the server doesn't send a
// ServerKeyExchange message.
processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, *x509.Certificate, *serverKeyExchangeMsg) os.Error
generateClientKeyExchange(*Config, *clientHelloMsg, *x509.Certificate) ([]byte, *clientKeyExchangeMsg, os.Error)
processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, *x509.Certificate, *serverKeyExchangeMsg) error
generateClientKeyExchange(*Config, *clientHelloMsg, *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error)
}
// A cipherSuite is a specific combination of key agreement, cipher and MAC

58
conn.go
View File

@ -11,9 +11,9 @@ import (
"crypto/cipher"
"crypto/subtle"
"crypto/x509"
"errors"
"io"
"net"
"os"
"sync"
)
@ -44,7 +44,7 @@ type Conn struct {
// first permanent error
errMutex sync.Mutex
err os.Error
err error
// input/output
in, out halfConn // in.Mutex < out.Mutex
@ -55,7 +55,7 @@ type Conn struct {
tmp [16]byte
}
func (c *Conn) setError(err os.Error) os.Error {
func (c *Conn) setError(err error) error {
c.errMutex.Lock()
defer c.errMutex.Unlock()
@ -65,7 +65,7 @@ func (c *Conn) setError(err os.Error) os.Error {
return err
}
func (c *Conn) error() os.Error {
func (c *Conn) error() error {
c.errMutex.Lock()
defer c.errMutex.Unlock()
@ -88,21 +88,21 @@ func (c *Conn) RemoteAddr() net.Addr {
// SetTimeout sets the read deadline associated with the connection.
// There is no write deadline.
func (c *Conn) SetTimeout(nsec int64) os.Error {
func (c *Conn) SetTimeout(nsec int64) error {
return c.conn.SetTimeout(nsec)
}
// SetReadTimeout sets the time (in nanoseconds) that
// Read will wait for data before returning os.EAGAIN.
// Setting nsec == 0 (the default) disables the deadline.
func (c *Conn) SetReadTimeout(nsec int64) os.Error {
func (c *Conn) SetReadTimeout(nsec int64) error {
return c.conn.SetReadTimeout(nsec)
}
// SetWriteTimeout exists to satisfy the net.Conn interface
// but is not implemented by TLS. It always returns an error.
func (c *Conn) SetWriteTimeout(nsec int64) os.Error {
return os.NewError("TLS does not support SetWriteTimeout")
func (c *Conn) SetWriteTimeout(nsec int64) error {
return errors.New("TLS does not support SetWriteTimeout")
}
// A halfConn represents one direction of the record layer
@ -129,7 +129,7 @@ func (hc *halfConn) prepareCipherSpec(version uint16, cipher interface{}, mac ma
// changeCipherSpec changes the encryption and MAC states
// to the ones previously passed to prepareCipherSpec.
func (hc *halfConn) changeCipherSpec() os.Error {
func (hc *halfConn) changeCipherSpec() error {
if hc.nextCipher == nil {
return alertInternalError
}
@ -378,7 +378,7 @@ func (b *block) reserve(n int) {
// readFromUntil reads from r into b until b contains at least n bytes
// or else returns an error.
func (b *block) readFromUntil(r io.Reader, n int) os.Error {
func (b *block) readFromUntil(r io.Reader, n int) error {
// quick case
if len(b.data) >= n {
return nil
@ -399,7 +399,7 @@ func (b *block) readFromUntil(r io.Reader, n int) os.Error {
return nil
}
func (b *block) Read(p []byte) (n int, err os.Error) {
func (b *block) Read(p []byte) (n int, err error) {
n = copy(p, b.data[b.off:])
b.off += n
return
@ -443,7 +443,7 @@ func (hc *halfConn) splitBlock(b *block, n int) (*block, *block) {
// readRecord reads the next TLS record from the connection
// and updates the record layer state.
// c.in.Mutex <= L; c.input == nil.
func (c *Conn) readRecord(want recordType) os.Error {
func (c *Conn) readRecord(want recordType) error {
// Caller must be in sync with connection:
// handshake data if handshake not yet completed,
// else application data. (We don't support renegotiation.)
@ -502,7 +502,7 @@ Again:
}
}
if err := b.readFromUntil(c.conn, recordHeaderLen+n); err != nil {
if err == os.EOF {
if err == io.EOF {
err = io.ErrUnexpectedEOF
}
if e, ok := err.(net.Error); !ok || !e.Temporary() {
@ -534,7 +534,7 @@ Again:
break
}
if alert(data[1]) == alertCloseNotify {
c.setError(os.EOF)
c.setError(io.EOF)
break
}
switch data[0] {
@ -543,7 +543,7 @@ Again:
c.in.freeBlock(b)
goto Again
case alertLevelError:
c.setError(&net.OpError{Op: "remote error", Error: alert(data[1])})
c.setError(&net.OpError{Op: "remote error", Err: alert(data[1])})
default:
c.sendAlert(alertUnexpectedMessage)
}
@ -582,7 +582,7 @@ Again:
// sendAlert sends a TLS alert message.
// c.out.Mutex <= L.
func (c *Conn) sendAlertLocked(err alert) os.Error {
func (c *Conn) sendAlertLocked(err alert) error {
c.tmp[0] = alertLevelError
if err == alertNoRenegotiation {
c.tmp[0] = alertLevelWarning
@ -591,14 +591,14 @@ func (c *Conn) sendAlertLocked(err alert) os.Error {
c.writeRecord(recordTypeAlert, c.tmp[0:2])
// closeNotify is a special case in that it isn't an error:
if err != alertCloseNotify {
return c.setError(&net.OpError{Op: "local error", Error: err})
return c.setError(&net.OpError{Op: "local error", Err: err})
}
return nil
}
// sendAlert sends a TLS alert message.
// L < c.out.Mutex.
func (c *Conn) sendAlert(err alert) os.Error {
func (c *Conn) sendAlert(err alert) error {
c.out.Lock()
defer c.out.Unlock()
return c.sendAlertLocked(err)
@ -607,7 +607,7 @@ func (c *Conn) sendAlert(err alert) os.Error {
// writeRecord writes a TLS record with the given type and payload
// to the connection and updates the record layer state.
// c.out.Mutex <= L.
func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err os.Error) {
func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err error) {
b := c.out.newBlock()
for len(data) > 0 {
m := len(data)
@ -643,7 +643,7 @@ func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err os.Error) {
c.tmp[0] = alertLevelError
c.tmp[1] = byte(err.(alert))
c.writeRecord(recordTypeAlert, c.tmp[0:2])
c.err = &net.OpError{Op: "local error", Error: err}
c.err = &net.OpError{Op: "local error", Err: err}
return n, c.err
}
}
@ -653,7 +653,7 @@ func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err os.Error) {
// readHandshake reads the next handshake message from
// the record layer.
// c.in.Mutex < L; c.out.Mutex < L.
func (c *Conn) readHandshake() (interface{}, os.Error) {
func (c *Conn) readHandshake() (interface{}, error) {
for c.hand.Len() < 4 {
if c.err != nil {
return nil, c.err
@ -720,7 +720,7 @@ func (c *Conn) readHandshake() (interface{}, os.Error) {
}
// Write writes data to the connection.
func (c *Conn) Write(b []byte) (n int, err os.Error) {
func (c *Conn) Write(b []byte) (n int, err error) {
if err = c.Handshake(); err != nil {
return
}
@ -739,7 +739,7 @@ func (c *Conn) Write(b []byte) (n int, err os.Error) {
// Read can be made to time out and return err == os.EAGAIN
// after a fixed time limit; see SetTimeout and SetReadTimeout.
func (c *Conn) Read(b []byte) (n int, err os.Error) {
func (c *Conn) Read(b []byte) (n int, err error) {
if err = c.Handshake(); err != nil {
return
}
@ -765,8 +765,8 @@ func (c *Conn) Read(b []byte) (n int, err os.Error) {
}
// Close closes the connection.
func (c *Conn) Close() os.Error {
var alertErr os.Error
func (c *Conn) Close() error {
var alertErr error
c.handshakeMutex.Lock()
defer c.handshakeMutex.Unlock()
@ -784,7 +784,7 @@ func (c *Conn) Close() os.Error {
// protocol if it has not yet been run.
// Most uses of this package need not call Handshake
// explicitly: the first Read or Write will call it automatically.
func (c *Conn) Handshake() os.Error {
func (c *Conn) Handshake() error {
c.handshakeMutex.Lock()
defer c.handshakeMutex.Unlock()
if err := c.error(); err != nil {
@ -830,14 +830,14 @@ func (c *Conn) OCSPResponse() []byte {
// VerifyHostname checks that the peer certificate chain is valid for
// connecting to host. If so, it returns nil; if not, it returns an os.Error
// describing the problem.
func (c *Conn) VerifyHostname(host string) os.Error {
func (c *Conn) VerifyHostname(host string) error {
c.handshakeMutex.Lock()
defer c.handshakeMutex.Unlock()
if !c.isClient {
return os.NewError("VerifyHostname called on TLS server connection")
return errors.New("VerifyHostname called on TLS server connection")
}
if !c.handshakeComplete {
return os.NewError("TLS handshake has not yet been performed")
return errors.New("TLS handshake has not yet been performed")
}
return c.peerCertificates[0].VerifyHostname(host)
}

View File

@ -9,11 +9,11 @@ import (
"crypto/rsa"
"crypto/subtle"
"crypto/x509"
"errors"
"io"
"os"
)
func (c *Conn) clientHandshake() os.Error {
func (c *Conn) clientHandshake() error {
finishedHash := newFinishedHash(versionTLS10)
if c.config == nil {
@ -40,7 +40,7 @@ func (c *Conn) clientHandshake() os.Error {
_, err := io.ReadFull(c.config.rand(), hello.random[4:])
if err != nil {
c.sendAlert(alertInternalError)
return os.NewError("short read from Rand")
return errors.New("short read from Rand")
}
finishedHash.Write(hello.marshal())
@ -69,7 +69,7 @@ func (c *Conn) clientHandshake() os.Error {
if !hello.nextProtoNeg && serverHello.nextProtoNeg {
c.sendAlert(alertHandshakeFailure)
return os.NewError("server advertised unrequested NPN")
return errors.New("server advertised unrequested NPN")
}
suite, suiteId := mutualCipherSuite(c.config.cipherSuites(), serverHello.cipherSuite)
@ -92,7 +92,7 @@ func (c *Conn) clientHandshake() os.Error {
cert, err := x509.ParseCertificate(asn1Data)
if err != nil {
c.sendAlert(alertBadCertificate)
return os.NewError("failed to parse certificate from server: " + err.String())
return errors.New("failed to parse certificate from server: " + err.Error())
}
certs[i] = cert
}

View File

@ -9,11 +9,11 @@ import (
"crypto/rsa"
"crypto/subtle"
"crypto/x509"
"errors"
"io"
"os"
)
func (c *Conn) serverHandshake() os.Error {
func (c *Conn) serverHandshake() error {
config := c.config
msg, err := c.readHandshake()
if err != nil {
@ -177,7 +177,7 @@ FindCipherSuite:
cert, err := x509.ParseCertificate(asn1Data)
if err != nil {
c.sendAlert(alertBadCertificate)
return os.NewError("could not parse client's certificate: " + err.String())
return errors.New("could not parse client's certificate: " + err.Error())
}
certs[i] = cert
}
@ -186,7 +186,7 @@ FindCipherSuite:
for i := 1; i < len(certs); i++ {
if err := certs[i-1].CheckSignatureFrom(certs[i]); err != nil {
c.sendAlert(alertBadCertificate)
return os.NewError("could not validate certificate signature: " + err.String())
return errors.New("could not validate certificate signature: " + err.Error())
}
}
@ -233,7 +233,7 @@ FindCipherSuite:
err = rsa.VerifyPKCS1v15(pub, crypto.MD5SHA1, digest, certVerify.signature)
if err != nil {
c.sendAlert(alertBadCertificate)
return os.NewError("could not validate signature of connection nonces: " + err.String())
return errors.New("could not validate signature of connection nonces: " + err.Error())
}
finishedHash.Write(certVerify.marshal())

View File

@ -12,7 +12,6 @@ import (
"flag"
"io"
"net"
"os"
"strconv"
"strings"
"testing"
@ -20,7 +19,7 @@ import (
type zeroSource struct{}
func (zeroSource) Read(b []byte) (n int, err os.Error) {
func (zeroSource) Read(b []byte) (n int, err error) {
for i := range b {
b[i] = 0
}
@ -41,7 +40,7 @@ func init() {
testConfig.InsecureSkipVerify = true
}
func testClientHelloFailure(t *testing.T, m handshakeMessage, expected os.Error) {
func testClientHelloFailure(t *testing.T, m handshakeMessage, expected error) {
// Create in-memory network connection,
// send message to server. Should return
// expected error.
@ -56,7 +55,7 @@ func testClientHelloFailure(t *testing.T, m handshakeMessage, expected os.Error)
}()
err := Server(s, testConfig).Handshake()
s.Close()
if e, ok := err.(*net.OpError); !ok || e.Error != expected {
if e, ok := err.(*net.OpError); !ok || e.Err != expected {
t.Errorf("Got error: %s; expected: %s", err, expected)
}
}
@ -93,7 +92,7 @@ func TestAlertForwarding(t *testing.T) {
err := Server(s, testConfig).Handshake()
s.Close()
if e, ok := err.(*net.OpError); !ok || e.Error != os.Error(alertUnknownCA) {
if e, ok := err.(*net.OpError); !ok || e.Err != error(alertUnknownCA) {
t.Errorf("Got error: %s; expected: %s", err, alertUnknownCA)
}
}
@ -104,8 +103,8 @@ func TestClose(t *testing.T) {
err := Server(s, testConfig).Handshake()
s.Close()
if err != os.EOF {
t.Errorf("Got error: %s; expected: %s", err, os.EOF)
if err != io.EOF {
t.Errorf("Got error: %s; expected: %s", err, io.EOF)
}
}

View File

@ -12,19 +12,19 @@ import (
"crypto/rsa"
"crypto/sha1"
"crypto/x509"
"errors"
"io"
"os"
)
// rsaKeyAgreement implements the standard TLS key agreement where the client
// encrypts the pre-master secret to the server's public key.
type rsaKeyAgreement struct{}
func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, os.Error) {
func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
return nil, nil
}
func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKeyExchangeMsg, version uint16) ([]byte, os.Error) {
func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) {
preMasterSecret := make([]byte, 48)
_, err := io.ReadFull(config.rand(), preMasterSecret[2:])
if err != nil {
@ -32,14 +32,14 @@ func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKe
}
if len(ckx.ciphertext) < 2 {
return nil, os.NewError("bad ClientKeyExchange")
return nil, errors.New("bad ClientKeyExchange")
}
ciphertext := ckx.ciphertext
if version != versionSSL30 {
ciphertextLen := int(ckx.ciphertext[0])<<8 | int(ckx.ciphertext[1])
if ciphertextLen != len(ckx.ciphertext)-2 {
return nil, os.NewError("bad ClientKeyExchange")
return nil, errors.New("bad ClientKeyExchange")
}
ciphertext = ckx.ciphertext[2:]
}
@ -57,11 +57,11 @@ func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKe
return preMasterSecret, nil
}
func (ka rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) os.Error {
return os.NewError("unexpected ServerKeyExchange")
func (ka rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error {
return errors.New("unexpected ServerKeyExchange")
}
func (ka rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, os.Error) {
func (ka rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) {
preMasterSecret := make([]byte, 48)
preMasterSecret[0] = byte(clientHello.vers >> 8)
preMasterSecret[1] = byte(clientHello.vers)
@ -109,7 +109,7 @@ type ecdheRSAKeyAgreement struct {
x, y *big.Int
}
func (ka *ecdheRSAKeyAgreement) generateServerKeyExchange(config *Config, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, os.Error) {
func (ka *ecdheRSAKeyAgreement) generateServerKeyExchange(config *Config, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
var curveid uint16
Curve:
@ -131,7 +131,7 @@ Curve:
}
var x, y *big.Int
var err os.Error
var err error
ka.privateKey, x, y, err = ka.curve.GenerateKey(config.rand())
if err != nil {
return nil, err
@ -149,7 +149,7 @@ Curve:
md5sha1 := md5SHA1Hash(clientHello.random, hello.random, serverECDHParams)
sig, err := rsa.SignPKCS1v15(config.rand(), config.Certificates[0].PrivateKey, crypto.MD5SHA1, md5sha1)
if err != nil {
return nil, os.NewError("failed to sign ECDHE parameters: " + err.String())
return nil, errors.New("failed to sign ECDHE parameters: " + err.Error())
}
skx := new(serverKeyExchangeMsg)
@ -163,13 +163,13 @@ Curve:
return skx, nil
}
func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKeyExchangeMsg, version uint16) ([]byte, os.Error) {
func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) {
if len(ckx.ciphertext) == 0 || int(ckx.ciphertext[0]) != len(ckx.ciphertext)-1 {
return nil, os.NewError("bad ClientKeyExchange")
return nil, errors.New("bad ClientKeyExchange")
}
x, y := ka.curve.Unmarshal(ckx.ciphertext[1:])
if x == nil {
return nil, os.NewError("bad ClientKeyExchange")
return nil, errors.New("bad ClientKeyExchange")
}
x, _ = ka.curve.ScalarMult(x, y, ka.privateKey)
preMasterSecret := make([]byte, (ka.curve.BitSize+7)>>3)
@ -179,14 +179,14 @@ func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, ckx *cl
return preMasterSecret, nil
}
var errServerKeyExchange = os.NewError("invalid ServerKeyExchange")
var errServerKeyExchange = errors.New("invalid ServerKeyExchange")
func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) os.Error {
func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error {
if len(skx.key) < 4 {
return errServerKeyExchange
}
if skx.key[0] != 3 { // named curve
return os.NewError("server selected unsupported curve")
return errors.New("server selected unsupported curve")
}
curveid := uint16(skx.key[1])<<8 | uint16(skx.key[2])
@ -198,7 +198,7 @@ func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientH
case curveP521:
ka.curve = elliptic.P521()
default:
return os.NewError("server selected unsupported curve")
return errors.New("server selected unsupported curve")
}
publicLen := int(skx.key[3])
@ -225,9 +225,9 @@ func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientH
return rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.MD5SHA1, md5sha1, sig)
}
func (ka *ecdheRSAKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, os.Error) {
func (ka *ecdheRSAKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) {
if ka.curve == nil {
return nil, nil, os.NewError("missing ServerKeyExchange message")
return nil, nil, errors.New("missing ServerKeyExchange message")
}
priv, mx, my, err := ka.curve.GenerateKey(config.rand())
if err != nil {

3
prf.go
View File

@ -9,7 +9,6 @@ import (
"crypto/md5"
"crypto/sha1"
"hash"
"os"
)
// Split a premaster secret in two as specified in RFC 4346, section 5.
@ -156,7 +155,7 @@ type finishedHash struct {
version uint16
}
func (h finishedHash) Write(msg []byte) (n int, err os.Error) {
func (h finishedHash) Write(msg []byte) (n int, err error) {
h.clientMD5.Write(msg)
h.clientSHA1.Write(msg)
h.serverMD5.Write(msg)

24
tls.go
View File

@ -10,9 +10,9 @@ import (
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"errors"
"io/ioutil"
"net"
"os"
"strings"
)
@ -41,7 +41,7 @@ type Listener struct {
// Accept waits for and returns the next incoming TLS connection.
// The returned connection c is a *tls.Conn.
func (l *Listener) Accept() (c net.Conn, err os.Error) {
func (l *Listener) Accept() (c net.Conn, err error) {
c, err = l.listener.Accept()
if err != nil {
return
@ -51,7 +51,7 @@ func (l *Listener) Accept() (c net.Conn, err os.Error) {
}
// Close closes the listener.
func (l *Listener) Close() os.Error { return l.listener.Close() }
func (l *Listener) Close() error { return l.listener.Close() }
// Addr returns the listener's network address.
func (l *Listener) Addr() net.Addr { return l.listener.Addr() }
@ -71,9 +71,9 @@ func NewListener(listener net.Listener, config *Config) (l *Listener) {
// given network address using net.Listen.
// The configuration config must be non-nil and must have
// at least one certificate.
func Listen(network, laddr string, config *Config) (*Listener, os.Error) {
func Listen(network, laddr string, config *Config) (*Listener, error) {
if config == nil || len(config.Certificates) == 0 {
return nil, os.NewError("tls.Listen: no certificates in configuration")
return nil, errors.New("tls.Listen: no certificates in configuration")
}
l, err := net.Listen(network, laddr)
if err != nil {
@ -88,7 +88,7 @@ func Listen(network, laddr string, config *Config) (*Listener, os.Error) {
// Dial interprets a nil configuration as equivalent to
// the zero configuration; see the documentation of Config
// for the defaults.
func Dial(network, addr string, config *Config) (*Conn, os.Error) {
func Dial(network, addr string, config *Config) (*Conn, error) {
raddr := addr
c, err := net.Dial(network, raddr)
if err != nil {
@ -120,7 +120,7 @@ func Dial(network, addr string, config *Config) (*Conn, os.Error) {
// LoadX509KeyPair reads and parses a public/private key pair from a pair of
// files. The files must contain PEM encoded data.
func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err os.Error) {
func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err error) {
certPEMBlock, err := ioutil.ReadFile(certFile)
if err != nil {
return
@ -134,7 +134,7 @@ func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err os.
// X509KeyPair parses a public/private key pair from a pair of
// PEM encoded data.
func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err os.Error) {
func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error) {
var certDERBlock *pem.Block
for {
certDERBlock, certPEMBlock = pem.Decode(certPEMBlock)
@ -147,19 +147,19 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err os.Err
}
if len(cert.Certificate) == 0 {
err = os.NewError("crypto/tls: failed to parse certificate PEM data")
err = errors.New("crypto/tls: failed to parse certificate PEM data")
return
}
keyDERBlock, _ := pem.Decode(keyPEMBlock)
if keyDERBlock == nil {
err = os.NewError("crypto/tls: failed to parse key PEM data")
err = errors.New("crypto/tls: failed to parse key PEM data")
return
}
key, err := x509.ParsePKCS1PrivateKey(keyDERBlock.Bytes)
if err != nil {
err = os.NewError("crypto/tls: failed to parse key: " + err.String())
err = errors.New("crypto/tls: failed to parse key: " + err.Error())
return
}
@ -173,7 +173,7 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err os.Err
}
if x509Cert.PublicKeyAlgorithm != x509.RSA || x509Cert.PublicKey.(*rsa.PublicKey).N.Cmp(key.PublicKey.N) != 0 {
err = os.NewError("crypto/tls: private key does not match public key")
err = errors.New("crypto/tls: private key does not match public key")
return
}