diff --git a/conn.go b/conn.go
index 097e182..fac65af 100644
--- a/conn.go
+++ b/conn.go
@@ -790,10 +790,10 @@ func (c *Conn) VerifyHostname(host string) os.Error {
 c.handshakeMutex.Lock()
 defer c.handshakeMutex.Unlock()
 if !c.isClient {
- return os.ErrorString("VerifyHostname called on TLS server connection")
+ return os.NewError("VerifyHostname called on TLS server connection")
 }
 if !c.handshakeComplete {
- return os.ErrorString("TLS handshake has not yet been performed")
+ return os.NewError("TLS handshake has not yet been performed")
 }
 return c.peerCertificates[0].VerifyHostname(host)
 }
diff --git a/handshake_client.go b/handshake_client.go
index c758c96..15604ce 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -40,7 +40,7 @@ func (c *Conn) clientHandshake() os.Error {
 _, err := io.ReadFull(c.config.rand(), hello.random[4:])
 if err != nil {
 c.sendAlert(alertInternalError)
- return os.ErrorString("short read from Rand")
+ return os.NewError("short read from Rand")
 }
 finishedHash.Write(hello.marshal())
@@ -69,7 +69,7 @@ func (c *Conn) clientHandshake() os.Error {
 if !hello.nextProtoNeg && serverHello.nextProtoNeg {
 c.sendAlert(alertHandshakeFailure)
- return os.ErrorString("server advertised unrequested NPN")
+ return os.NewError("server advertised unrequested NPN")
 }
 suite, suiteId := mutualCipherSuite(c.config.cipherSuites(), serverHello.cipherSuite)
@@ -92,7 +92,7 @@ func (c *Conn) clientHandshake() os.Error {
 cert, err := x509.ParseCertificate(asn1Data)
 if err != nil {
 c.sendAlert(alertBadCertificate)
- return os.ErrorString("failed to parse certificate from server: " + err.String())
+ return os.NewError("failed to parse certificate from server: " + err.String())
 }
 certs[i] = cert
 }
diff --git a/handshake_server.go b/handshake_server.go
index e9431c6..44a3240 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -173,7 +173,7 @@ FindCipherSuite:
 cert, err := x509.ParseCertificate(asn1Data)
 if err != nil {
 c.sendAlert(alertBadCertificate)
- return os.ErrorString("could not parse client's certificate: " + err.String())
+ return os.NewError("could not parse client's certificate: " + err.String())
 }
 certs[i] = cert
 }
@@ -182,7 +182,7 @@ FindCipherSuite:
 for i := 1; i < len(certs); i++ {
 if err := certs[i-1].CheckSignatureFrom(certs[i]); err != nil {
 c.sendAlert(alertBadCertificate)
- return os.ErrorString("could not validate certificate signature: " + err.String())
+ return os.NewError("could not validate certificate signature: " + err.String())
 }
 }
@@ -229,7 +229,7 @@ FindCipherSuite:
 err = rsa.VerifyPKCS1v15(pub, crypto.MD5SHA1, digest, certVerify.signature)
 if err != nil {
 c.sendAlert(alertBadCertificate)
- return os.ErrorString("could not validate signature of connection nonces: " + err.String())
+ return os.NewError("could not validate signature of connection nonces: " + err.String())
 }
 finishedHash.Write(certVerify.marshal())
diff --git a/key_agreement.go b/key_agreement.go
index c83ef3f..48472fb 100644
--- a/key_agreement.go
+++ b/key_agreement.go
@@ -32,11 +32,11 @@ func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKe
 }
 if len(ckx.ciphertext) < 2 {
- return nil, os.ErrorString("bad ClientKeyExchange")
+ return nil, os.NewError("bad ClientKeyExchange")
 }
 ciphertextLen := int(ckx.ciphertext[0])<<8 | int(ckx.ciphertext[1])
 if ciphertextLen != len(ckx.ciphertext)-2 {
- return nil, os.ErrorString("bad ClientKeyExchange")
+ return nil, os.NewError("bad ClientKeyExchange")
 }
 ciphertext := ckx.ciphertext[2:]
@@ -54,7 +54,7 @@ func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKe
 }
 func (ka rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) os.Error {
- return os.ErrorString("unexpected ServerKeyExchange")
+ return os.NewError("unexpected ServerKeyExchange")
 }
 func (ka rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, os.Error) {
@@ -146,7 +146,7 @@ Curve:
 md5sha1 := md5SHA1Hash(clientHello.random, hello.random, serverECDHParams)
 sig, err := rsa.SignPKCS1v15(config.rand(), config.Certificates[0].PrivateKey, crypto.MD5SHA1, md5sha1)
 if err != nil {
- return nil, os.ErrorString("failed to sign ECDHE parameters: " + err.String())
+ return nil, os.NewError("failed to sign ECDHE parameters: " + err.String())
 }
 skx := new(serverKeyExchangeMsg)
@@ -162,11 +162,11 @@ Curve:
 func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, ckx *clientKeyExchangeMsg) ([]byte, os.Error) {
 if len(ckx.ciphertext) == 0 || int(ckx.ciphertext[0]) != len(ckx.ciphertext)-1 {
- return nil, os.ErrorString("bad ClientKeyExchange")
+ return nil, os.NewError("bad ClientKeyExchange")
 }
 x, y := ka.curve.Unmarshal(ckx.ciphertext[1:])
 if x == nil {
- return nil, os.ErrorString("bad ClientKeyExchange")
+ return nil, os.NewError("bad ClientKeyExchange")
 }
 x, _ = ka.curve.ScalarMult(x, y, ka.privateKey)
 preMasterSecret := make([]byte, (ka.curve.BitSize+7)>>3)
@@ -176,14 +176,14 @@ func (ka *ecdheRSAKeyAgreement) processClientKeyExchange(config *Config, ckx *cl
 return preMasterSecret, nil
 }
-var errServerKeyExchange = os.ErrorString("invalid ServerKeyExchange")
+var errServerKeyExchange = os.NewError("invalid ServerKeyExchange")
 func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) os.Error {
 if len(skx.key) < 4 {
 return errServerKeyExchange
 }
 if skx.key[0] != 3 { // named curve
- return os.ErrorString("server selected unsupported curve")
+ return os.NewError("server selected unsupported curve")
 }
 curveid := uint16(skx.key[1])<<8 | uint16(skx.key[2])
@@ -195,7 +195,7 @@ func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientH
 case curveP521:
 ka.curve = elliptic.P521()
 default:
- return os.ErrorString("server selected unsupported curve")
+ return os.NewError("server selected unsupported curve")
 }
 publicLen := int(skx.key[3])
@@ -224,7 +224,7 @@ func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientH
 func (ka *ecdheRSAKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, os.Error) {
 if ka.curve == nil {
- return nil, nil, os.ErrorString("missing ServerKeyExchange message")
+ return nil, nil, os.NewError("missing ServerKeyExchange message")
 }
 priv, mx, my, err := ka.curve.GenerateKey(config.rand())
 if err != nil {
diff --git a/tls.go b/tls.go
index 9e5c927..4f0859f 100644
--- a/tls.go
+++ b/tls.go
@@ -147,19 +147,19 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err os.Err
 }
 if len(cert.Certificate) == 0 {
- err = os.ErrorString("crypto/tls: failed to parse certificate PEM data")
+ err = os.NewError("crypto/tls: failed to parse certificate PEM data")
 return
 }
 keyDERBlock, _ := pem.Decode(keyPEMBlock)
 if keyDERBlock == nil {
- err = os.ErrorString("crypto/tls: failed to parse key PEM data")
+ err = os.NewError("crypto/tls: failed to parse key PEM data")
 return
 }
 key, err := x509.ParsePKCS1PrivateKey(keyDERBlock.Bytes)
 if err != nil {
- err = os.ErrorString("crypto/tls: failed to parse key: " + err.String())
+ err = os.NewError("crypto/tls: failed to parse key: " + err.String())
 return
 }
@@ -173,7 +173,7 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err os.Err
 }
 if x509Cert.PublicKeyAlgorithm != x509.RSA || x509Cert.PublicKey.(*rsa.PublicKey).N.Cmp(key.PublicKey.N) != 0 {
- err = os.ErrorString("crypto/tls: private key does not match public key")
+ err = os.NewError("crypto/tls: private key does not match public key")
 return
 }