From 28ca92f12d1d91f550504cb5aae3ea7e3cf88daf Mon Sep 17 00:00:00 2001
From: Jonathan Rudenberg
Date: Sun, 26 Apr 2015 12:05:37 -0400
Subject: [PATCH] crypto/tls: add OCSP response to ConnectionState

The OCSP response is currently only exposed via a method on Conn, which makes it inaccessible when using wrappers like net/http. The ConnectionState structure is typically available even when using wrappers and contains many of the other handshake details, so this change exposes the stapled OCSP response in that structure.

Change-Id: If8dab49292566912c615d816321b4353e711f71f
Reviewed-on: https://go-review.googlesource.com/9361
Reviewed-by: Adam Langley
Run-TryBot: Adam Langley
---
 common.go | 1 +
 conn.go | 1 +
 2 files changed, 2 insertions(+)

diff --git a/common.go b/common.go
index 4cce508..929c8ef 100644
--- a/common.go
+++ b/common.go
@@ -169,6 +169,7 @@ type ConnectionState struct {
 PeerCertificates []*x509.Certificate // certificate chain presented by remote peer
 VerifiedChains [][]*x509.Certificate // verified chains built from PeerCertificates
 SignedCertificateTimestamps [][]byte // SCTs from the server, if any
+ OCSPResponse []byte // stapled OCSP response from server, if any

 // TLSUnique contains the "tls-unique" channel binding value (see RFC
 // 5929, section 3). For resumed sessions this value will be nil
diff --git a/conn.go b/conn.go
index c7b30a5..cad4718 100644
--- a/conn.go
+++ b/conn.go
@@ -995,6 +995,7 @@ func (c *Conn) ConnectionState() ConnectionState {
 state.VerifiedChains = c.verifiedChains
 state.ServerName = c.serverName
 state.SignedCertificateTimestamps = c.scts
+ state.OCSPResponse = c.ocspResponse
 if !c.didResume {
 state.TLSUnique = c.firstFinished[:]
 }
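Review bot: The comment on the new OCSPResponse field in the common.go hunk says only that it is the stapled response, and nothing in either hunk parses, signature-checks or otherwise validates those bytes before they are stored, so a reader of ConnectionState could take the field as already verified. I would state the contract in the field comment: `OCSPResponse []byte // stapled OCSP response from server, if any; raw bytes as received, not validated by this package`. The "not validated" part is inferred from the absence of any check in this patch and should be confirmed against the code that fills c.ocspResponse, which is outside the hunk.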
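Review bot: In the conn.go hunk, `state.OCSPResponse = c.ocspResponse` exposes the connection's own slice rather than a copy, so a caller that writes into the returned bytes also changes what later ConnectionState() calls (and the existing Conn accessor the commit message refers to) report for the same connection. This matches the neighbouring `state.SignedCertificateTimestamps = c.scts` and `state.VerifiedChains = c.verifiedChains` lines, so it is a consistency choice rather than a regression, but if the response is meant to be read-only the assignment could be `state.OCSPResponse = append([]byte(nil), c.ocspResponse...)`, or the aliasing should be documented on the field. ConnectionState() begins before this hunk and continues past its last line.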