Fix certificate validation.
asn1: add support for T61String because this is the string type which several www.google.com certificates are now using for fields like CommonName
tls: force a handshake in Dial so that certificates are ready afterwards.

Fixes #1114.

R=rsc
CC=golang-dev
https://golang.org/cl/2216043
parent
657e8dab30
commit
ed8da7bff6
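--- a/conn.go
+++ b/conn.go
@@ -675,5 +675,13 @@ func (c *Conn) PeerCertificates() []*x509.Certificate {
 // connecting to host. If so, it returns nil; if not, it returns an os.Error
 // describing the problem.
 func (c *Conn) VerifyHostname(host string) os.Error {
-return c.PeerCertificates()[0].VerifyHostname(host)
+c.handshakeMutex.Lock()
+defer c.handshakeMutex.Unlock()
+if !c.isClient {
+return os.ErrorString("VerifyHostname called on TLS server connection")
+}
+if !c.handshakeComplete {
+return os.ErrorString("TLS handshake has not yet been performed")
+}
+return c.peerCertificates[0].VerifyHostname(host)
 }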
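Review bot: `c.peerCertificates[0]` in the final return of VerifyHostname is indexed without a length check, so a completed handshake that left the slice empty would panic instead of returning an os.Error; the two new guards only cover the server-side and pre-handshake cases. Whether an empty slice is reachable on a client connection cannot be told from these lines, but a guard such as `if len(c.peerCertificates) == 0 { return os.ErrorString("no peer certificates") }` before the return keeps that failure on the error path. The doc comment, which starts above the hunk, should also mention the new error cases, for example `// It also returns an error on a server connection or before the handshake has completed.`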
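--- a/tls.go
+++ b/tls.go
@@ -67,7 +67,13 @@ func Dial(network, laddr, raddr string) (net.Conn, os.Error) {
 if err != nil {
 return nil, err
 }
-return Client(c, nil), nil
+conn := Client(c, nil)
+err = conn.Handshake()
+if err == nil {
+return conn, nil
+}
+c.Close()
+return nil, err
 }
 
 // LoadX509KeyPair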
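Review bot: Dial's doc comment should state that the handshake now runs inside Dial and that the server's name is still unchecked, because nothing in the visible lines calls VerifyHostname and the config passed to Client is nil. A caller may otherwise treat the returned connection as authenticated for the host it dialled. Suggested wording: `// Dial completes the TLS handshake before returning. It does not check the server's name; call VerifyHostname on the connection before sending data.` Since Dial returns net.Conn, the comment could also note that the caller needs the underlying *Conn to make that call. Dial's signature and the start of its body are outside the hunk, so this is based only on the lines shown.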