kris/th5
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

crypto/tls: avoid sending empty OCSP or SCT cert extensions

Browse Source
This commit is contained in:
Filippo Valsorda 2017-02-15 16:51:32 -05:00 committed by Peter Wu
parent 815d56e5a7
commit 80f82d89c7
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
handshake_messages.go
View File

@ -1419,10 +1419,10 @@ func (m *certificateMsg13) marshal() (x []byte) {
var i int
for _, cert := range m.certificates {
i += len(cert.data)
if cert.ocspStaple != nil {
if len(cert.ocspStaple) != 0 {
i += 8 + len(cert.ocspStaple)
}
if cert.sctList != nil {
if len(cert.sctList) != 0 {
i += 4
for _, sct := range cert.sctList {
i += 2 + len(sct)
@ -1462,7 +1462,7 @@ func (m *certificateMsg13) marshal() (x []byte) {
z = z[2:]
extensionLen := 0
if cert.ocspStaple != nil {
if len(cert.ocspStaple) != 0 {
stapleLen := 4 + len(cert.ocspStaple)
z[0] = uint8(extensionStatusRequest >> 8)
z[1] = uint8(extensionStatusRequest)
@ -1479,7 +1479,7 @@ func (m *certificateMsg13) marshal() (x []byte) {
extensionLen += 8 + stapleLen
}
if cert.sctList != nil {
if len(cert.sctList) != 0 {
z[0] = uint8(extensionSCT >> 8)
z[1] = uint8(extensionSCT)
sctLenPos := z[2:4]