Temporarily reverts update to go1.10v1.2.3
@@ -5,7 +5,7 @@ services: | |||||
- docker | - docker | ||||
go: | go: | ||||
- 1.10.x | |||||
- 1.9.x | |||||
env: | env: | ||||
- MODE=interop CLIENT=boring SERVER=boring | - MODE=interop CLIENT=boring SERVER=boring | ||||
@@ -1,4 +1,4 @@ | |||||
FROM golang:1.10-alpine | |||||
FROM golang:1.9-alpine | |||||
RUN apk add --update \ | RUN apk add --update \ | ||||
git \ | git \ | ||||
@@ -387,7 +387,7 @@ func mutualCipherSuite(have []uint16, want uint16) *cipherSuite { | |||||
// A list of cipher suite IDs that are, or have been, implemented by this | // A list of cipher suite IDs that are, or have been, implemented by this | ||||
// package. | // package. | ||||
// | // | ||||
// Taken from https://www.iana.org/assignments/tls-parameters/tls-parameters.xml | |||||
// Taken from http://www.iana.org/assignments/tls-parameters/tls-parameters.xml | |||||
const ( | const ( | ||||
// TLS 1.0 - 1.2 cipher suites. | // TLS 1.0 - 1.2 cipher suites. | ||||
TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005 | TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005 | ||||
@@ -108,7 +108,7 @@ const ( | |||||
) | ) | ||||
// CurveID is the type of a TLS identifier for an elliptic curve. See | // CurveID is the type of a TLS identifier for an elliptic curve. See | ||||
// https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8 | |||||
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8 | |||||
// | // | ||||
// TLS 1.3 refers to these as Groups, but this library implements only | // TLS 1.3 refers to these as Groups, but this library implements only | ||||
// curve-based ones anyway. See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.4. | // curve-based ones anyway. See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.4. | ||||
@@ -138,7 +138,7 @@ type psk struct { | |||||
} | } | ||||
// TLS Elliptic Curve Point Formats | // TLS Elliptic Curve Point Formats | ||||
// https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-9 | |||||
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-9 | |||||
const ( | const ( | ||||
pointFormatUncompressed uint8 = 0 | pointFormatUncompressed uint8 = 0 | ||||
) | ) | ||||
@@ -483,9 +483,8 @@ type Config struct { | |||||
// | // | ||||
// If normal verification fails then the handshake will abort before | // If normal verification fails then the handshake will abort before | ||||
// considering this callback. If normal verification is disabled by | // considering this callback. If normal verification is disabled by | ||||
// setting InsecureSkipVerify, or (for a server) when ClientAuth is | |||||
// RequestClientCert or RequireAnyClientCert, then this callback will | |||||
// be considered but the verifiedChains argument will always be nil. | |||||
// setting InsecureSkipVerify then this callback will be considered but | |||||
// the verifiedChains argument will always be nil. | |||||
VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error | VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error | ||||
// RootCAs defines the set of root certificate authorities | // RootCAs defines the set of root certificate authorities | ||||
@@ -146,24 +146,16 @@ func main() { | |||||
if err != nil { | if err != nil { | ||||
log.Fatalf("failed to open cert.pem for writing: %s", err) | log.Fatalf("failed to open cert.pem for writing: %s", err) | ||||
} | } | ||||
if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil { | |||||
log.Fatalf("failed to write data to cert.pem: %s", err) | |||||
} | |||||
if err := certOut.Close(); err != nil { | |||||
log.Fatalf("error closing cert.pem: %s", err) | |||||
} | |||||
log.Print("wrote cert.pem\n") | |||||
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) | |||||
certOut.Close() | |||||
log.Print("written cert.pem\n") | |||||
keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) | keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) | ||||
if err != nil { | if err != nil { | ||||
log.Print("failed to open key.pem for writing:", err) | log.Print("failed to open key.pem for writing:", err) | ||||
return | return | ||||
} | } | ||||
if err := pem.Encode(keyOut, pemBlockForKey(priv)); err != nil { | |||||
log.Fatalf("failed to write data to key.pem: %s", err) | |||||
} | |||||
if err := keyOut.Close(); err != nil { | |||||
log.Fatalf("error closing key.pem: %s", err) | |||||
} | |||||
log.Print("wrote key.pem\n") | |||||
pem.Encode(keyOut, pemBlockForKey(priv)) | |||||
keyOut.Close() | |||||
log.Print("written key.pem\n") | |||||
} | } |
@@ -444,34 +444,26 @@ func (hs *clientHandshakeState) doFullHandshake() error { | |||||
} | } | ||||
} | } | ||||
msg, err = c.readHandshake() | |||||
if err != nil { | |||||
return err | |||||
} | |||||
cs, ok := msg.(*certificateStatusMsg) | |||||
if ok { | |||||
// RFC4366 on Certificate Status Request: | |||||
// The server MAY return a "certificate_status" message. | |||||
if !hs.serverHello.ocspStapling { | |||||
// If a server returns a "CertificateStatus" message, then the | |||||
// server MUST have included an extension of type "status_request" | |||||
// with empty "extension_data" in the extended server hello. | |||||
if hs.serverHello.ocspStapling { | |||||
msg, err = c.readHandshake() | |||||
if err != nil { | |||||
return err | |||||
} | |||||
cs, ok := msg.(*certificateStatusMsg) | |||||
if !ok { | |||||
c.sendAlert(alertUnexpectedMessage) | c.sendAlert(alertUnexpectedMessage) | ||||
return errors.New("tls: received unexpected CertificateStatus message") | |||||
return unexpectedMessageError(cs, msg) | |||||
} | } | ||||
hs.finishedHash.Write(cs.marshal()) | hs.finishedHash.Write(cs.marshal()) | ||||
if cs.statusType == statusTypeOCSP { | if cs.statusType == statusTypeOCSP { | ||||
c.ocspResponse = cs.response | c.ocspResponse = cs.response | ||||
} | } | ||||
} | |||||
msg, err = c.readHandshake() | |||||
if err != nil { | |||||
return err | |||||
} | |||||
msg, err = c.readHandshake() | |||||
if err != nil { | |||||
return err | |||||
} | } | ||||
keyAgreement := hs.suite.ka(c.vers) | keyAgreement := hs.suite.ka(c.vers) | ||||