kris/th5
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Revert "Use go 1.10 and aligns with current state of TLS in go/crypto/tls" (#77)

Browse Source 
Temporarily reverts update to go1.10
This commit is contained in:
Henry Case 2018-03-21 14:27:31 +00:00 committed by GitHub
parent 1313809b2b
commit d3da622def
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 25 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.travis.yml
View File

@ -5,7 +5,7 @@ services:
- docker - docker
go: go:
- 1.10.x - 1.9.x
env: env:
- MODE=interop CLIENT=boring SERVER=boring - MODE=interop CLIENT=boring SERVER=boring

2
_dev/bogo/Dockerfile
View File

@ -1,4 +1,4 @@
FROM golang:1.10-alpine FROM golang:1.9-alpine
RUN apk add --update \ RUN apk add --update \
git \ git \

2
cipher_suites.go
View File

@ -387,7 +387,7 @@ func mutualCipherSuite(have []uint16, want uint16) *cipherSuite {
// A list of cipher suite IDs that are, or have been, implemented by this // A list of cipher suite IDs that are, or have been, implemented by this
// package. // package.
// //
// Taken from https://www.iana.org/assignments/tls-parameters/tls-parameters.xml // Taken from http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
const ( const (
// TLS 1.0 - 1.2 cipher suites. // TLS 1.0 - 1.2 cipher suites.
TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005 TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005

9
common.go
View File

@ -108,7 +108,7 @@ const (
) )
// CurveID is the type of a TLS identifier for an elliptic curve. See // CurveID is the type of a TLS identifier for an elliptic curve. See
// https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
// //
// TLS 1.3 refers to these as Groups, but this library implements only // TLS 1.3 refers to these as Groups, but this library implements only
// curve-based ones anyway. See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.4. // curve-based ones anyway. See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.4.
@ -138,7 +138,7 @@ type psk struct {
} }
// TLS Elliptic Curve Point Formats // TLS Elliptic Curve Point Formats
// https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-9 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-9
const ( const (
pointFormatUncompressed uint8 = 0 pointFormatUncompressed uint8 = 0
) )
@ -483,9 +483,8 @@ type Config struct {
// //
// If normal verification fails then the handshake will abort before // If normal verification fails then the handshake will abort before
// considering this callback. If normal verification is disabled by // considering this callback. If normal verification is disabled by
// setting InsecureSkipVerify, or (for a server) when ClientAuth is // setting InsecureSkipVerify then this callback will be considered but
// RequestClientCert or RequireAnyClientCert, then this callback will // the verifiedChains argument will always be nil.
// be considered but the verifiedChains argument will always be nil.
VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
// RootCAs defines the set of root certificate authorities // RootCAs defines the set of root certificate authorities

20
generate_cert.go
View File

@ -146,24 +146,16 @@ func main() {
if err != nil { if err != nil {
log.Fatalf("failed to open cert.pem for writing: %s", err) log.Fatalf("failed to open cert.pem for writing: %s", err)
} }
if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil { pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
log.Fatalf("failed to write data to cert.pem: %s", err) certOut.Close()
} log.Print("written cert.pem\n")
if err := certOut.Close(); err != nil {
log.Fatalf("error closing cert.pem: %s", err)
}
log.Print("wrote cert.pem\n")
keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil { if err != nil {
log.Print("failed to open key.pem for writing:", err) log.Print("failed to open key.pem for writing:", err)
return return
} }
if err := pem.Encode(keyOut, pemBlockForKey(priv)); err != nil { pem.Encode(keyOut, pemBlockForKey(priv))
log.Fatalf("failed to write data to key.pem: %s", err) keyOut.Close()
} log.Print("written key.pem\n")
if err := keyOut.Close(); err != nil {
log.Fatalf("error closing key.pem: %s", err)
}
log.Print("wrote key.pem\n")
} }

16
handshake_client.go
View File

@ -444,35 +444,27 @@ func (hs *clientHandshakeState) doFullHandshake() error {
} }
} }
if hs.serverHello.ocspStapling {
msg, err = c.readHandshake() msg, err = c.readHandshake()
if err != nil { if err != nil {
return err return err
} }
cs, ok := msg.(*certificateStatusMsg) cs, ok := msg.(*certificateStatusMsg)
if ok { if !ok {
// RFC4366 on Certificate Status Request:
// The server MAY return a "certificate_status" message.
if !hs.serverHello.ocspStapling {
// If a server returns a "CertificateStatus" message, then the
// server MUST have included an extension of type "status_request"
// with empty "extension_data" in the extended server hello.
c.sendAlert(alertUnexpectedMessage) c.sendAlert(alertUnexpectedMessage)
return errors.New("tls: received unexpected CertificateStatus message") return unexpectedMessageError(cs, msg)
} }
hs.finishedHash.Write(cs.marshal()) hs.finishedHash.Write(cs.marshal())
if cs.statusType == statusTypeOCSP { if cs.statusType == statusTypeOCSP {
c.ocspResponse = cs.response c.ocspResponse = cs.response
} }
}
msg, err = c.readHandshake() msg, err = c.readHandshake()
if err != nil { if err != nil {
return err return err
} }
}
keyAgreement := hs.suite.ka(c.vers) keyAgreement := hs.suite.ka(c.vers)