kris/th5
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

crypto/tls: always send a Certificate message if one was requested.

Browse Source 
If a CertificateRequest is received we have to reply with a
Certificate message, even if we don't have a certificate to offer.

Fixes #3339.

R=golang-dev, r, ality
CC=golang-dev
https://golang.org/cl/5845067
This commit is contained in:
Adam Langley 2012-03-19 12:34:35 -04:00
parent 46f6bfea8f
commit 43927bb46c
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
handshake_client.go
View File

@ -166,8 +166,11 @@ func (c *Conn) clientHandshake() error {
} }
var certToSend *Certificate var certToSend *Certificate
var certRequested bool
certReq, ok := msg.(*certificateRequestMsg) certReq, ok := msg.(*certificateRequestMsg)
if ok { if ok {
certRequested = true
// RFC 4346 on the certificateAuthorities field: // RFC 4346 on the certificateAuthorities field:
// A list of the distinguished names of acceptable certificate // A list of the distinguished names of acceptable certificate
// authorities. These distinguished names may specify a desired // authorities. These distinguished names may specify a desired
@ -238,9 +241,14 @@ func (c *Conn) clientHandshake() error {
} }
finishedHash.Write(shd.marshal()) finishedHash.Write(shd.marshal())
if certToSend != nil { // If the server requested a certificate then we have to send a
// Certificate message, even if it's empty because we don't have a
// certificate to send.
if certRequested {
certMsg = new(certificateMsg) certMsg = new(certificateMsg)
certMsg.certificates = certToSend.Certificate if certToSend != nil {
certMsg.certificates = certToSend.Certificate
}
finishedHash.Write(certMsg.marshal()) finishedHash.Write(certMsg.marshal())
c.writeRecord(recordTypeHandshake, certMsg.marshal()) c.writeRecord(recordTypeHandshake, certMsg.marshal())
} }