crypto/tls: avoid sending empty OCSP or SCT cert extensions
This commit is contained in:
Filippo Valsorda
Peter Wu
parent
815d56e5a7
commit
80f82d89c7
@ -1419,10 +1419,10 @@ func (m *certificateMsg13) marshal() (x []byte) {
|
|||||||
var i int
|
var i int
|
||||||
for _, cert := range m.certificates {
|
for _, cert := range m.certificates {
|
||||||
i += len(cert.data)
|
i += len(cert.data)
|
||||||
if cert.ocspStaple != nil {
|
if len(cert.ocspStaple) != 0 {
|
||||||
i += 8 + len(cert.ocspStaple)
|
i += 8 + len(cert.ocspStaple)
|
||||||
}
|
}
|
||||||
if cert.sctList != nil {
|
if len(cert.sctList) != 0 {
|
||||||
i += 4
|
i += 4
|
||||||
for _, sct := range cert.sctList {
|
for _, sct := range cert.sctList {
|
||||||
i += 2 + len(sct)
|
i += 2 + len(sct)
|
||||||
@ -1462,7 +1462,7 @@ func (m *certificateMsg13) marshal() (x []byte) {
|
|||||||
z = z[2:]
|
z = z[2:]
|
||||||
|
|
||||||
extensionLen := 0
|
extensionLen := 0
|
||||||
if cert.ocspStaple != nil {
|
if len(cert.ocspStaple) != 0 {
|
||||||
stapleLen := 4 + len(cert.ocspStaple)
|
stapleLen := 4 + len(cert.ocspStaple)
|
||||||
z[0] = uint8(extensionStatusRequest >> 8)
|
z[0] = uint8(extensionStatusRequest >> 8)
|
||||||
z[1] = uint8(extensionStatusRequest)
|
z[1] = uint8(extensionStatusRequest)
|
||||||
@ -1479,7 +1479,7 @@ func (m *certificateMsg13) marshal() (x []byte) {
|
|||||||
|
|
||||||
extensionLen += 8 + stapleLen
|
extensionLen += 8 + stapleLen
|
||||||
}
|
}
|
||||||
if cert.sctList != nil {
|
if len(cert.sctList) != 0 {
|
||||||
z[0] = uint8(extensionSCT >> 8)
|
z[0] = uint8(extensionSCT >> 8)
|
||||||
z[1] = uint8(extensionSCT)
|
z[1] = uint8(extensionSCT)
|
||||||
sctLenPos := z[2:4]
|
sctLenPos := z[2:4]
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user