diff --git a/cipher_suites.go b/cipher_suites.go index 0c62251..1134f36 100644 --- a/cipher_suites.go +++ b/cipher_suites.go @@ -13,7 +13,6 @@ import ( "crypto/sha1" "crypto/x509" "hash" - "os" ) // a keyAgreement implements the client and server side of a TLS key agreement @@ -24,15 +23,15 @@ type keyAgreement interface { // In the case that the key agreement protocol doesn't use a // ServerKeyExchange message, generateServerKeyExchange can return nil, // nil. - generateServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg) (*serverKeyExchangeMsg, os.Error) - processClientKeyExchange(*Config, *clientKeyExchangeMsg, uint16) ([]byte, os.Error) + generateServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg) (*serverKeyExchangeMsg, error) + processClientKeyExchange(*Config, *clientKeyExchangeMsg, uint16) ([]byte, error) // On the client side, the next two methods are called in order. // This method may not be called if the server doesn't send a // ServerKeyExchange message. - processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, *x509.Certificate, *serverKeyExchangeMsg) os.Error - generateClientKeyExchange(*Config, *clientHelloMsg, *x509.Certificate) ([]byte, *clientKeyExchangeMsg, os.Error) + processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, *x509.Certificate, *serverKeyExchangeMsg) error + generateClientKeyExchange(*Config, *clientHelloMsg, *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) } // A cipherSuite is a specific combination of key agreement, cipher and MAC diff --git a/conn.go b/conn.go index 9bca7d9..c052337 100644 --- a/conn.go +++ b/conn.go @@ -11,9 +11,9 @@ import ( "crypto/cipher" "crypto/subtle" "crypto/x509" + "errors" "io" "net" - "os" "sync" ) @@ -44,7 +44,7 @@ type Conn struct { // first permanent error errMutex sync.Mutex - err os.Error + err error // input/output in, out halfConn // in.Mutex < out.Mutex @@ -55,7 +55,7 @@ type Conn struct { tmp [16]byte } -func (c *Conn) setError(err os.Error) os.Error { +func (c *Conn) setError(err error) error { c.errMutex.Lock() defer c.errMutex.Unlock() @@ -65,7 +65,7 @@ func (c *Conn) setError(err os.Error) os.Error { return err } -func (c *Conn) error() os.Error { +func (c *Conn) error() error { c.errMutex.Lock() defer c.errMutex.Unlock() @@ -88,21 +88,21 @@ func (c *Conn) RemoteAddr() net.Addr { // SetTimeout sets the read deadline associated with the connection. // There is no write deadline. -func (c *Conn) SetTimeout(nsec int64) os.Error { +func (c *Conn) SetTimeout(nsec int64) error { return c.conn.SetTimeout(nsec) } // SetReadTimeout sets the time (in nanoseconds) that // Read will wait for data before returning os.EAGAIN. // Setting nsec == 0 (the default) disables the deadline. -func (c *Conn) SetReadTimeout(nsec int64) os.Error { +func (c *Conn) SetReadTimeout(nsec int64) error { return c.conn.SetReadTimeout(nsec) } // SetWriteTimeout exists to satisfy the net.Conn interface // but is not implemented by TLS. It always returns an error. -func (c *Conn) SetWriteTimeout(nsec int64) os.Error { - return os.NewError("TLS does not support SetWriteTimeout") +func (c *Conn) SetWriteTimeout(nsec int64) error { + return errors.New("TLS does not support SetWriteTimeout") } // A halfConn represents one direction of the record layer @@ -129,7 +129,7 @@ func (hc *halfConn) prepareCipherSpec(version uint16, cipher interface{}, mac ma // changeCipherSpec changes the encryption and MAC states // to the ones previously passed to prepareCipherSpec. -func (hc *halfConn) changeCipherSpec() os.Error { +func (hc *halfConn) changeCipherSpec() error { if hc.nextCipher == nil { return alertInternalError } @@ -378,7 +378,7 @@ func (b *block) reserve(n int) { // readFromUntil reads from r into b until b contains at least n bytes // or else returns an error. -func (b *block) readFromUntil(r io.Reader, n int) os.Error { +func (b *block) readFromUntil(r io.Reader, n int) error { // quick case if len(b.data) >= n { return nil @@ -399,7 +399,7 @@ func (b *block) readFromUntil(r io.Reader, n int) os.Error { return nil } -func (b *block) Read(p []byte) (n int, err os.Error) { +func (b *block) Read(p []byte) (n int, err error) { n = copy(p, b.data[b.off:]) b.off += n return @@ -443,7 +443,7 @@ func (hc *halfConn) splitBlock(b *block, n int) (*block, *block) { // readRecord reads the next TLS record from the connection // and updates the record layer state. // c.in.Mutex <= L; c.input == nil. -func (c *Conn) readRecord(want recordType) os.Error { +func (c *Conn) readRecord(want recordType) error { // Caller must be in sync with connection: // handshake data if handshake not yet completed, // else application data. (We don't support renegotiation.) @@ -502,7 +502,7 @@ Again: } } if err := b.readFromUntil(c.conn, recordHeaderLen+n); err != nil { - if err == os.EOF { + if err == io.EOF { err = io.ErrUnexpectedEOF } if e, ok := err.(net.Error); !ok || !e.Temporary() { @@ -534,7 +534,7 @@ Again: break } if alert(data[1]) == alertCloseNotify { - c.setError(os.EOF) + c.setError(io.EOF) break } switch data[0] { @@ -543,7 +543,7 @@ Again: c.in.freeBlock(b) goto Again case alertLevelError: - c.setError(&net.OpError{Op: "remote error", Error: alert(data[1])}) + c.setError(&net.OpError{Op: "remote error", Err: alert(data[1])}) default: c.sendAlert(alertUnexpectedMessage) } @@ -582,7 +582,7 @@ Again: // sendAlert sends a TLS alert message. // c.out.Mutex <= L. -func (c *Conn) sendAlertLocked(err alert) os.Error { +func (c *Conn) sendAlertLocked(err alert) error { c.tmp[0] = alertLevelError if err == alertNoRenegotiation { c.tmp[0] = alertLevelWarning @@ -591,14 +591,14 @@ func (c *Conn) sendAlertLocked(err alert) os.Error { c.writeRecord(recordTypeAlert, c.tmp[0:2]) // closeNotify is a special case in that it isn't an error: if err != alertCloseNotify { - return c.setError(&net.OpError{Op: "local error", Error: err}) + return c.setError(&net.OpError{Op: "local error", Err: err}) } return nil } // sendAlert sends a TLS alert message. // L < c.out.Mutex. -func (c *Conn) sendAlert(err alert) os.Error { +func (c *Conn) sendAlert(err alert) error { c.out.Lock() defer c.out.Unlock() return c.sendAlertLocked(err) @@ -607,7 +607,7 @@ func (c *Conn) sendAlert(err alert) os.Error { // writeRecord writes a TLS record with the given type and payload // to the connection and updates the record layer state. // c.out.Mutex <= L. -func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err os.Error) { +func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err error) { b := c.out.newBlock() for len(data) > 0 { m := len(data) @@ -643,7 +643,7 @@ func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err os.Error) { c.tmp[0] = alertLevelError c.tmp[1] = byte(err.(alert)) c.writeRecord(recordTypeAlert, c.tmp[0:2]) - c.err = &net.OpError{Op: "local error", Error: err} + c.err = &net.OpError{Op: "local error", Err: err} return n, c.err } } @@ -653,7 +653,7 @@ func (c *Conn) writeRecord(typ recordType, data []byte) (n int, err os.Error) { // readHandshake reads the next handshake message from // the record layer. // c.in.Mutex < L; c.out.Mutex < L. -func (c *Conn) readHandshake() (interface{}, os.Error) { +func (c *Conn) readHandshake() (interface{}, error) { for c.hand.Len() < 4 { if c.err != nil { return nil, c.err @@ -720,7 +720,7 @@ func (c *Conn) readHandshake() (interface{}, os.Error) { } // Write writes data to the connection. -func (c *Conn) Write(b []byte) (n int, err os.Error) { +func (c *Conn) Write(b []byte) (n int, err error) { if err = c.Handshake(); err != nil { return } @@ -739,7 +739,7 @@ func (c *Conn) Write(b []byte) (n int, err os.Error) { // Read can be made to time out and return err == os.EAGAIN // after a fixed time limit; see SetTimeout and SetReadTimeout. -func (c *Conn) Read(b []byte) (n int, err os.Error) { +func (c *Conn) Read(b []byte) (n int, err error) { if err = c.Handshake(); err != nil { return } @@ -765,8 +765,8 @@ func (c *Conn) Read(b []byte) (n int, err os.Error) { } // Close closes the connection. -func (c *Conn) Close() os.Error { - var alertErr os.Error +func (c *Conn) Close() error { + var alertErr error c.handshakeMutex.Lock() defer c.handshakeMutex.Unlock() @@ -784,7 +784,7 @@ func (c *Conn) Close() os.Error { // protocol if it has not yet been run. // Most uses of this package need not call Handshake // explicitly: the first Read or Write will call it automatically. -func (c *Conn) Handshake() os.Error { +func (c *Conn) Handshake() error { c.handshakeMutex.Lock() defer c.handshakeMutex.Unlock() if err := c.error(); err != nil { @@ -830,14 +830,14 @@ func (c *Conn) OCSPResponse() []byte { // VerifyHostname checks that the peer certificate chain is valid for // connecting to host. If so, it returns nil; if not, it returns an os.Error // describing the problem. -func (c *Conn) VerifyHostname(host string) os.Error { +func (c *Conn) VerifyHostname(host string) error { c.handshakeMutex.Lock() defer c.handshakeMutex.Unlock() if !c.isClient { - return os.NewError("VerifyHostname called on TLS server connection") + return errors.New("VerifyHostname called on TLS server connection") } if !c.handshakeComplete { - return os.NewError("TLS handshake has not yet been performed") + return errors.New("TLS handshake has not yet been performed") } return c.peerCertificates[0].VerifyHostname(host) } diff --git a/handshake_client.go b/handshake_client.go index 575a121..aed991c 100644 --- a/handshake_client.go +++ b/handshake_client.go @@ -9,11 +9,11 @@ import ( "crypto/rsa" "crypto/subtle" "crypto/x509" + "errors" "io" - "os" ) -func (c *Conn) clientHandshake() os.Error { +func (c *Conn) clientHandshake() error { finishedHash := newFinishedHash(versionTLS10) if c.config == nil { @@ -40,7 +40,7 @@ func (c *Conn) clientHandshake() os.Error { _, err := io.ReadFull(c.config.rand(), hello.random[4:]) if err != nil { c.sendAlert(alertInternalError) - return os.NewError("short read from Rand") + return errors.New("short read from Rand") } finishedHash.Write(hello.marshal()) @@ -69,7 +69,7 @@ func (c *Conn) clientHandshake() os.Error { if !hello.nextProtoNeg && serverHello.nextProtoNeg { c.sendAlert(alertHandshakeFailure) - return os.NewError("server advertised unrequested NPN") + return errors.New("server advertised unrequested NPN") } suite, suiteId := mutualCipherSuite(c.config.cipherSuites(), serverHello.cipherSuite) @@ -92,7 +92,7 @@ func (c *Conn) clientHandshake() os.Error { cert, err := x509.ParseCertificate(asn1Data) if err != nil { c.sendAlert(alertBadCertificate) - return os.NewError("failed to parse certificate from server: " + err.String()) + return errors.New("failed to parse certificate from server: " + err.Error()) } certs[i] = cert } diff --git a/handshake_server.go b/handshake_server.go index ed9a2e6..d5af084 100644 --- a/handshake_server.go +++ b/handshake_server.go @@ -9,11 +9,11 @@ import ( "crypto/rsa" "crypto/subtle" "crypto/x509" + "errors" "io" - "os" ) -func (c *Conn) serverHandshake() os.Error { +func (c *Conn) serverHandshake() error { config := c.config msg, err := c.readHandshake() if err != nil { @@ -177,7 +177,7 @@ FindCipherSuite: cert, err := x509.ParseCertificate(asn1Data) if err != nil { c.sendAlert(alertBadCertificate) - return os.NewError("could not parse client's certificate: " + err.String()) + return errors.New("could not parse client's certificate: " + err.Error()) } certs[i] = cert } @@ -186,7 +186,7 @@ FindCipherSuite: for i := 1; i < len(certs); i++ { if err := certs[i-1].CheckSignatureFrom(certs[i]); err != nil { c.sendAlert(alertBadCertificate) - return os.NewError("could not validate certificate signature: " + err.String()) + return errors.New("could not validate certificate signature: " + err.Error()) } } @@ -233,7 +233,7 @@ FindCipherSuite: err = rsa.VerifyPKCS1v15(pub, crypto.MD5SHA1, digest, certVerify.signature) if err != nil { c.sendAlert(alertBadCertificate) - return os.NewError("could not validate signature of connection nonces: " + err.String()) + return errors.New("could not validate signature of connection nonces: " + err.Error()) } finishedHash.Write(certVerify.marshal()) diff --git a/handshake_server_test.go b/handshake_server_test.go index 1939f3d..f2b0a14 100644 --- a/handshake_server_test.go +++ b/handshake_server_test.go @@ -12,7 +12,6 @@ import ( "flag" "io" "net" - "os" "strconv" "strings" "testing" @@ -20,7 +19,7 @@ import ( type zeroSource struct{} -func (zeroSource) Read(b []byte) (n int, err os.Error) { +func (zeroSource) Read(b []byte) (n int, err error) { for i := range b { b[i] = 0 } @@ -41,7 +40,7 @@ func init() { testConfig.InsecureSkipVerify = true } -func testClientHelloFailure(t *testing.T, m handshakeMessage, expected os.Error) { +func testClientHelloFailure(t *testing.T, m handshakeMessage, expected error) { // Create in-memory network connection, // send message to server. Should return // expected error. @@ -56,7 +55,7 @@ func testClientHelloFailure(t *testing.T, m handshakeMessage, expected os.Error) }() err := Server(s, testConfig).Handshake() s.Close() - if e, ok := err.(*net.OpError); !ok || e.Error != expected { + if e, ok := err.(*net.OpError); !ok || e.Err != expected { t.Errorf("Got error: %s; expected: %s", err, expected) } } @@ -93,7 +92,7 @@ func TestAlertForwarding(t *testing.T) { err := Server(s, testConfig).Handshake() s.Close() - if e, ok := err.(*net.OpError); !ok || e.Error != os.Error(alertUnknownCA) { + if e, ok := err.(*net.OpError); !ok || e.Err != error(alertUnknownCA) { t.Errorf("Got error: %s; expected: %s", err, alertUnknownCA) } } @@ -104,8 +103,8 @@ func TestClose(t *testing.T) { err := Server(s, testConfig).Handshake() s.Close() - if err != os.EOF { - t.Errorf("Got error: %s; expected: %s", err, os.EOF) + if err != io.EOF { + t.Errorf("Got error: %s; expected: %s", err, io.EOF) } } diff --git a/key_agreement.go b/key_agreement.go index e347528..ba34606 100644 --- a/key_agreement.go +++ b/key_agreement.go @@ -12,19 +12,19 @@ import ( "crypto/rsa" "crypto/sha1" "crypto/x509" + "errors" "io" - "os" ) // rsaKeyAgreement implements the standard TLS key agreement where the client // encrypts the pre-master secret to the server's public key. type rsaKeyAgreement struct{} -func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, os.Error) { +func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { return nil, nil } -func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKeyExchangeMsg, version uint16) ([]byte, os.Error) { +func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) { preMasterSecret := make([]byte, 48) _, err := io.ReadFull(config.rand(), preMasterSecret[2:]) if err != nil { @@ -32,14 +32,14 @@ func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKe } if len(ckx.ciphertext) < 2 { - return nil, os.NewError("bad ClientKeyExchange") + return nil, errors.New("bad ClientKeyExchange") } ciphertext := ckx.ciphertext if version != versionSSL30 { ciphertextLen := int(ckx.ciphertext[0])<<8 | int(ckx.ciphertext[1]) if ciphertextLen != len(ckx.ciphertext)-2 { - return nil, os.NewError("bad ClientKeyExchange") + return nil, errors.New("bad ClientKeyExchange") } ciphertext = ckx.ciphertext[2:] } @@ -57,11 +57,11 @@ func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKe return preMasterSecret, nil } -func (ka rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) os.Error { - return os.NewError("unexpected ServerKeyExchange") +func (ka rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error { + return errors.New("unexpected ServerKeyExchange") } -func (ka rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, os.Error) { +func (ka rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) { preMasterSecret := make([]byte, 48) preMasterSecret[0] = byte(clientHello.vers >> 8) preMasterSecret[1] = byte(clientHello.vers) @@ -109,7 +109,7 @@ type ecdheRSAKeyAgreement struct { x, y *big.Int } -func (ka *ecdheRSAKeyAgreement) generateServerKeyExchange(config *Config, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, os.Error) { +func (ka *ecdheRSAKeyAgreement) generateServerKeyExchange(config *Config, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { var curveid uint16 Curve: @@ -131,7 +131,7 @@ Curve: } var x, y *big.Int - var err os.Error + var err error ka.privateKey, x, y, err = ka.curve.GenerateKey(config.rand()) if err != nil { return nil, err @@ -149,7 +149,7 @@ Curve: md5sha1 := md5SHA1Hash(clientHello.random, hello.random, serverECDHParams) sig, err := rsa.SignPKCS1v15(config.rand(), config.Certificates[0].PrivateKey, crypto.MD5SHA1, md5sha1) if err != nil { - return nil, os.NewError("failed to sign ECDHE parameters: " + err.String()) + return nil, errors.New("failed to sign ECDHE parameters: " + err.Error()) } skx := new(serverKeyExchangeMsg) @@ -163,13 +163,13 @@ Curve: return skx, nil } -func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKeyExchangeMsg, version uint16) ([]byte, os.Error) { +func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) { if len(ckx.ciphertext) == 0 || int(ckx.ciphertext[0]) != len(ckx.ciphertext)-1 { - return nil, os.NewError("bad ClientKeyExchange") + return nil, errors.New("bad ClientKeyExchange") } x, y := ka.curve.Unmarshal(ckx.ciphertext[1:]) if x == nil { - return nil, os.NewError("bad ClientKeyExchange") + return nil, errors.New("bad ClientKeyExchange") } x, _ = ka.curve.ScalarMult(x, y, ka.privateKey) preMasterSecret := make([]byte, (ka.curve.BitSize+7)>>3) @@ -179,14 +179,14 @@ func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, ckx *cl return preMasterSecret, nil } -var errServerKeyExchange = os.NewError("invalid ServerKeyExchange") +var errServerKeyExchange = errors.New("invalid ServerKeyExchange") -func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) os.Error { +func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error { if len(skx.key) < 4 { return errServerKeyExchange } if skx.key[0] != 3 { // named curve - return os.NewError("server selected unsupported curve") + return errors.New("server selected unsupported curve") } curveid := uint16(skx.key[1])<<8 | uint16(skx.key[2]) @@ -198,7 +198,7 @@ func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientH case curveP521: ka.curve = elliptic.P521() default: - return os.NewError("server selected unsupported curve") + return errors.New("server selected unsupported curve") } publicLen := int(skx.key[3]) @@ -225,9 +225,9 @@ func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientH return rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.MD5SHA1, md5sha1, sig) } -func (ka *ecdheRSAKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, os.Error) { +func (ka *ecdheRSAKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) { if ka.curve == nil { - return nil, nil, os.NewError("missing ServerKeyExchange message") + return nil, nil, errors.New("missing ServerKeyExchange message") } priv, mx, my, err := ka.curve.GenerateKey(config.rand()) if err != nil { diff --git a/prf.go b/prf.go index 2d58dc5..d758f21 100644 --- a/prf.go +++ b/prf.go @@ -9,7 +9,6 @@ import ( "crypto/md5" "crypto/sha1" "hash" - "os" ) // Split a premaster secret in two as specified in RFC 4346, section 5. @@ -156,7 +155,7 @@ type finishedHash struct { version uint16 } -func (h finishedHash) Write(msg []byte) (n int, err os.Error) { +func (h finishedHash) Write(msg []byte) (n int, err error) { h.clientMD5.Write(msg) h.clientSHA1.Write(msg) h.serverMD5.Write(msg) diff --git a/tls.go b/tls.go index 4f0859f..3ca6240 100644 --- a/tls.go +++ b/tls.go @@ -10,9 +10,9 @@ import ( "crypto/rsa" "crypto/x509" "encoding/pem" + "errors" "io/ioutil" "net" - "os" "strings" ) @@ -41,7 +41,7 @@ type Listener struct { // Accept waits for and returns the next incoming TLS connection. // The returned connection c is a *tls.Conn. -func (l *Listener) Accept() (c net.Conn, err os.Error) { +func (l *Listener) Accept() (c net.Conn, err error) { c, err = l.listener.Accept() if err != nil { return @@ -51,7 +51,7 @@ func (l *Listener) Accept() (c net.Conn, err os.Error) { } // Close closes the listener. -func (l *Listener) Close() os.Error { return l.listener.Close() } +func (l *Listener) Close() error { return l.listener.Close() } // Addr returns the listener's network address. func (l *Listener) Addr() net.Addr { return l.listener.Addr() } @@ -71,9 +71,9 @@ func NewListener(listener net.Listener, config *Config) (l *Listener) { // given network address using net.Listen. // The configuration config must be non-nil and must have // at least one certificate. -func Listen(network, laddr string, config *Config) (*Listener, os.Error) { +func Listen(network, laddr string, config *Config) (*Listener, error) { if config == nil || len(config.Certificates) == 0 { - return nil, os.NewError("tls.Listen: no certificates in configuration") + return nil, errors.New("tls.Listen: no certificates in configuration") } l, err := net.Listen(network, laddr) if err != nil { @@ -88,7 +88,7 @@ func Listen(network, laddr string, config *Config) (*Listener, os.Error) { // Dial interprets a nil configuration as equivalent to // the zero configuration; see the documentation of Config // for the defaults. -func Dial(network, addr string, config *Config) (*Conn, os.Error) { +func Dial(network, addr string, config *Config) (*Conn, error) { raddr := addr c, err := net.Dial(network, raddr) if err != nil { @@ -120,7 +120,7 @@ func Dial(network, addr string, config *Config) (*Conn, os.Error) { // LoadX509KeyPair reads and parses a public/private key pair from a pair of // files. The files must contain PEM encoded data. -func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err os.Error) { +func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err error) { certPEMBlock, err := ioutil.ReadFile(certFile) if err != nil { return @@ -134,7 +134,7 @@ func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err os. // X509KeyPair parses a public/private key pair from a pair of // PEM encoded data. -func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err os.Error) { +func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error) { var certDERBlock *pem.Block for { certDERBlock, certPEMBlock = pem.Decode(certPEMBlock) @@ -147,19 +147,19 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err os.Err } if len(cert.Certificate) == 0 { - err = os.NewError("crypto/tls: failed to parse certificate PEM data") + err = errors.New("crypto/tls: failed to parse certificate PEM data") return } keyDERBlock, _ := pem.Decode(keyPEMBlock) if keyDERBlock == nil { - err = os.NewError("crypto/tls: failed to parse key PEM data") + err = errors.New("crypto/tls: failed to parse key PEM data") return } key, err := x509.ParsePKCS1PrivateKey(keyDERBlock.Bytes) if err != nil { - err = os.NewError("crypto/tls: failed to parse key: " + err.String()) + err = errors.New("crypto/tls: failed to parse key: " + err.Error()) return } @@ -173,7 +173,7 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err os.Err } if x509Cert.PublicKeyAlgorithm != x509.RSA || x509Cert.PublicKey.(*rsa.PublicKey).N.Cmp(key.PublicKey.N) != 0 { - err = os.NewError("crypto/tls: private key does not match public key") + err = errors.New("crypto/tls: private key does not match public key") return }