Revert "Use go 1.10 and aligns with current state of TLS in go/crypto/tls" (#77)
Temporarily reverts update to go1.10
This commit is contained in:
parent
1313809b2b
commit
d3da622def
@ -5,7 +5,7 @@ services:
|
|||||||
- docker
|
- docker
|
||||||
|
|
||||||
go:
|
go:
|
||||||
- 1.10.x
|
- 1.9.x
|
||||||
|
|
||||||
env:
|
env:
|
||||||
- MODE=interop CLIENT=boring SERVER=boring
|
- MODE=interop CLIENT=boring SERVER=boring
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
FROM golang:1.10-alpine
|
FROM golang:1.9-alpine
|
||||||
|
|
||||||
RUN apk add --update \
|
RUN apk add --update \
|
||||||
git \
|
git \
|
||||||
|
@ -387,7 +387,7 @@ func mutualCipherSuite(have []uint16, want uint16) *cipherSuite {
|
|||||||
// A list of cipher suite IDs that are, or have been, implemented by this
|
// A list of cipher suite IDs that are, or have been, implemented by this
|
||||||
// package.
|
// package.
|
||||||
//
|
//
|
||||||
// Taken from https://www.iana.org/assignments/tls-parameters/tls-parameters.xml
|
// Taken from http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
|
||||||
const (
|
const (
|
||||||
// TLS 1.0 - 1.2 cipher suites.
|
// TLS 1.0 - 1.2 cipher suites.
|
||||||
TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005
|
TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005
|
||||||
|
@ -108,7 +108,7 @@ const (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// CurveID is the type of a TLS identifier for an elliptic curve. See
|
// CurveID is the type of a TLS identifier for an elliptic curve. See
|
||||||
// https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
|
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
|
||||||
//
|
//
|
||||||
// TLS 1.3 refers to these as Groups, but this library implements only
|
// TLS 1.3 refers to these as Groups, but this library implements only
|
||||||
// curve-based ones anyway. See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.4.
|
// curve-based ones anyway. See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.4.
|
||||||
@ -138,7 +138,7 @@ type psk struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// TLS Elliptic Curve Point Formats
|
// TLS Elliptic Curve Point Formats
|
||||||
// https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-9
|
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-9
|
||||||
const (
|
const (
|
||||||
pointFormatUncompressed uint8 = 0
|
pointFormatUncompressed uint8 = 0
|
||||||
)
|
)
|
||||||
@ -483,9 +483,8 @@ type Config struct {
|
|||||||
//
|
//
|
||||||
// If normal verification fails then the handshake will abort before
|
// If normal verification fails then the handshake will abort before
|
||||||
// considering this callback. If normal verification is disabled by
|
// considering this callback. If normal verification is disabled by
|
||||||
// setting InsecureSkipVerify, or (for a server) when ClientAuth is
|
// setting InsecureSkipVerify then this callback will be considered but
|
||||||
// RequestClientCert or RequireAnyClientCert, then this callback will
|
// the verifiedChains argument will always be nil.
|
||||||
// be considered but the verifiedChains argument will always be nil.
|
|
||||||
VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
|
VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
|
||||||
|
|
||||||
// RootCAs defines the set of root certificate authorities
|
// RootCAs defines the set of root certificate authorities
|
||||||
|
@ -146,24 +146,16 @@ func main() {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("failed to open cert.pem for writing: %s", err)
|
log.Fatalf("failed to open cert.pem for writing: %s", err)
|
||||||
}
|
}
|
||||||
if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil {
|
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
|
||||||
log.Fatalf("failed to write data to cert.pem: %s", err)
|
certOut.Close()
|
||||||
}
|
log.Print("written cert.pem\n")
|
||||||
if err := certOut.Close(); err != nil {
|
|
||||||
log.Fatalf("error closing cert.pem: %s", err)
|
|
||||||
}
|
|
||||||
log.Print("wrote cert.pem\n")
|
|
||||||
|
|
||||||
keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
|
keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Print("failed to open key.pem for writing:", err)
|
log.Print("failed to open key.pem for writing:", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err := pem.Encode(keyOut, pemBlockForKey(priv)); err != nil {
|
pem.Encode(keyOut, pemBlockForKey(priv))
|
||||||
log.Fatalf("failed to write data to key.pem: %s", err)
|
keyOut.Close()
|
||||||
}
|
log.Print("written key.pem\n")
|
||||||
if err := keyOut.Close(); err != nil {
|
|
||||||
log.Fatalf("error closing key.pem: %s", err)
|
|
||||||
}
|
|
||||||
log.Print("wrote key.pem\n")
|
|
||||||
}
|
}
|
||||||
|
@ -444,34 +444,26 @@ func (hs *clientHandshakeState) doFullHandshake() error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
msg, err = c.readHandshake()
|
if hs.serverHello.ocspStapling {
|
||||||
if err != nil {
|
msg, err = c.readHandshake()
|
||||||
return err
|
if err != nil {
|
||||||
}
|
return err
|
||||||
|
}
|
||||||
cs, ok := msg.(*certificateStatusMsg)
|
cs, ok := msg.(*certificateStatusMsg)
|
||||||
if ok {
|
if !ok {
|
||||||
// RFC4366 on Certificate Status Request:
|
|
||||||
// The server MAY return a "certificate_status" message.
|
|
||||||
|
|
||||||
if !hs.serverHello.ocspStapling {
|
|
||||||
// If a server returns a "CertificateStatus" message, then the
|
|
||||||
// server MUST have included an extension of type "status_request"
|
|
||||||
// with empty "extension_data" in the extended server hello.
|
|
||||||
|
|
||||||
c.sendAlert(alertUnexpectedMessage)
|
c.sendAlert(alertUnexpectedMessage)
|
||||||
return errors.New("tls: received unexpected CertificateStatus message")
|
return unexpectedMessageError(cs, msg)
|
||||||
}
|
}
|
||||||
hs.finishedHash.Write(cs.marshal())
|
hs.finishedHash.Write(cs.marshal())
|
||||||
|
|
||||||
if cs.statusType == statusTypeOCSP {
|
if cs.statusType == statusTypeOCSP {
|
||||||
c.ocspResponse = cs.response
|
c.ocspResponse = cs.response
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
msg, err = c.readHandshake()
|
msg, err = c.readHandshake()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
keyAgreement := hs.suite.ka(c.vers)
|
keyAgreement := hs.suite.ka(c.vers)
|
||||||
|
Loading…
Reference in New Issue
Block a user