
crypto/tls: add client-side SNI support and PeerCertificates.

SNI (Server Name Indication) is a way for a TLS client to
indicate to the server which name it knows the server by. This
allows the server to have several names and return the correct
certificate for each (virtual hosting).

PeerCertificates returns the list of certificates presented by
the server.

R=r
CC=golang-dev
https://golang.org/cl/1741053
Adam Langley pirms 14 gadiem
vecāks
revīzija
cbf5c897cb
4 mainītis faili ar 19 papildinājumiem un 1 dzēšanām
  1. +3
    -0
      common.go
  2. +11
    -0
      conn.go
  3. +3
    -0
      handshake_client.go
  4. +2
    -1
      handshake_messages.go

+ 3
- 0
common.go Parādīt failu

@@ -85,6 +85,9 @@ type Config struct {
// NextProtos is a list of supported, application level protocols.
// Currently only server-side handling is supported.
NextProtos []string
// ServerName is included in the client's handshake to support virtual
// hosting.
ServerName string
}

type Certificate struct {
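Review bot: The doc comment on the new ServerName field explains why the name is sent but not how, and the how matters to anyone choosing a value: it is written into the ClientHello server_name extension (see the marshal change in handshake_messages.go), which is transmitted before any encryption is negotiated, so the name is visible to any observer of the connection. I'd extend the comment to `// ServerName is sent, unencrypted, in the client's handshake (the SNI extension) to support virtual hosting.`. It would also help to state what an empty value means; the diff does not show whether the extension is omitted or a zero-length name is sent in that case. The Config struct continues outside the hunk.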


+ 11
- 0
conn.go Parādīt failu

@@ -5,6 +5,7 @@ package tls
import (
"bytes"
"crypto/subtle"
"crypto/x509"
"hash"
"io"
"net"
@@ -27,6 +28,7 @@ type Conn struct {
handshakeComplete bool
cipherSuite uint16
ocspResponse []byte // stapled OCSP response
peerCertificates []*x509.Certificate

clientProtocol string

@@ -651,3 +653,12 @@ func (c *Conn) OCSPResponse() []byte {

return c.ocspResponse
}

// PeerCertificates returns the certificate chain that was presented by the
// other side.
func (c *Conn) PeerCertificates() []*x509.Certificate {
c.handshakeMutex.Lock()
defer c.handshakeMutex.Unlock()

return c.peerCertificates
}
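Review bot: PeerCertificates returns the internal c.peerCertificates slice itself, so a caller that assigns into the returned slice alters the connection's own record of what the peer presented; either document that the result must not be modified or hand back a copy, e.g. `certs := make([]*x509.Certificate, len(c.peerCertificates)); copy(certs, c.peerCertificates); return certs`. The doc comment should also say that this is the chain as received, not a chain this package has vouched for, since callers will otherwise read it as trusted; something like `// PeerCertificates returns the certificate chain that was presented by the other side, as received; it is nil until the handshake has stored one.`. Only the client handshake assigns the field in this change (handshake_client.go), so if the server path does not, a server-side Conn will return nil and "other side" overstates the behaviour.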

+ 3
- 0
handshake_client.go Parādīt failu

@@ -28,6 +28,7 @@ func (c *Conn) clientHandshake() os.Error {
compressionMethods: []uint8{compressionNone},
random: make([]byte, 32),
ocspStapling: true,
serverName: c.config.ServerName,
}

t := uint32(c.config.Time())
@@ -107,6 +108,8 @@ func (c *Conn) clientHandshake() os.Error {
return c.sendAlert(alertUnsupportedCertificate)
}

c.peerCertificates = certs

if serverHello.certStatus {
msg, err = c.readHandshake()
if err != nil {
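Review bot: The new `serverName: c.config.ServerName` passes the configured name through unchecked, but RFC 6066 section 3 does not permit literal IPv4 or IPv6 addresses in the host_name field, so a Config whose ServerName is an address literal produces a non-compliant extension that a strict server may reject. I'd leave the field unset in that case, populating it only when `net.ParseIP(c.config.ServerName) == nil` (assuming the net package is available in this file), or document on Config.ServerName that it must be a DNS name. clientHandshake continues outside both hunks, so I cannot see whether ServerName is validated elsewhere before reaching here.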


+ 2
- 1
handshake_messages.go Parādīt failu

@@ -100,7 +100,8 @@ func (m *clientHelloMsg) marshal() []byte {
// ServerName server_name_list<1..2^16-1>
// } ServerNameList;

z[1] = 1
z[0] = byte((len(m.serverName) + 3) >> 8)
z[1] = byte(len(m.serverName) + 3)
z[3] = byte(len(m.serverName) >> 8)
z[4] = byte(len(m.serverName))
copy(z[5:], []byte(m.serverName))
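Review bot: The two-byte length fields written at z[0..1] and z[3..4] silently truncate when len(m.serverName) exceeds 65535, because the `byte(...)` conversions drop the high bits, yielding a ClientHello whose declared lengths disagree with the bytes that follow; since the name comes from Config, a length check before this block (or when Config.ServerName is accepted) would avoid emitting a malformed extension. The name_type byte at z[2] is not assigned in the hunk; if marshal does not set it elsewhere, the encoding relies on z being zero-initialised to mean host_name, which deserves an explicit `z[2] = 0 // NameType host_name` so the layout the comment above describes is visible in the code. clientHelloMsg.marshal continues outside the hunk.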

