Alternative TLS implementation in Go
Go to file
Adam Langley 07b6287f24 crypto/tls: allow renegotiation to be handled by a client.
This change adds Config.Renegotiation which controls whether a TLS
client will accept renegotiation requests from a server. This is used,
for example, by some web servers that wish to “add” a client certificate
to an HTTPS connection.

This is disabled by default because it significantly complicates the
state machine.

Originally, handshakeMutex was taken before locking either Conn.in or
Conn.out. However, if renegotiation is permitted then a handshake may
be triggered during a Read() call. If Conn.in were unlocked before
taking handshakeMutex then a concurrent Read() call could see an
intermediate state and trigger an error. Thus handshakeMutex is now
locked after Conn.in and the handshake functions assume that Conn.in is
locked for the duration of the handshake.

Additionally, handshakeMutex used to protect Conn.out also. With the
possibility of renegotiation that's no longer viable and so
writeRecordLocked has been split off.

Fixes #5742.

Change-Id: I935914db1f185d507ff39bba8274c148d756a1c8
Reviewed-on: https://go-review.googlesource.com/22475
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
2016-04-28 17:56:28 +00:00
testdata crypto/tls: allow renegotiation to be handled by a client. 2016-04-28 17:56:28 +00:00
alert.go crypto/tls: make error prefix uniform. 2016-04-14 16:28:53 +00:00
cipher_suites.go crypto/tls: Update references to draft-ietf-tls-downgrade-scsv-00. 2016-03-25 22:10:37 +00:00
common.go crypto/tls: allow renegotiation to be handled by a client. 2016-04-28 17:56:28 +00:00
conn_test.go crypto/tls: implement dynamic record sizing 2016-03-12 00:47:13 +00:00
conn.go crypto/tls: allow renegotiation to be handled by a client. 2016-04-28 17:56:28 +00:00
example_test.go crypto/x509: add example of using a custom root list. 2014-02-19 11:18:35 -05:00
generate_cert.go crypto/tls: Support ECDSA keys in generate_cert.go 2014-07-28 14:46:34 -07:00
handshake_client_test.go crypto/tls: allow renegotiation to be handled by a client. 2016-04-28 17:56:28 +00:00
handshake_client.go crypto/tls: allow renegotiation to be handled by a client. 2016-04-28 17:56:28 +00:00
handshake_messages_test.go crypto/tls: decouple handshake signatures from the handshake hash. 2015-04-30 03:47:02 +00:00
handshake_messages.go crypto/tls: allow renegotiation to be handled by a client. 2016-04-28 17:56:28 +00:00
handshake_server_test.go crypto/tls: allow renegotiation to be handled by a client. 2016-04-28 17:56:28 +00:00
handshake_server.go crypto/tls: allow renegotiation to be handled by a client. 2016-04-28 17:56:28 +00:00
handshake_test.go crypto/tls: rework reference tests. 2013-12-20 11:37:05 -05:00
key_agreement.go crypto/tls: make error prefix uniform. 2016-04-14 16:28:53 +00:00
prf_test.go crypto/tls: decouple handshake signatures from the handshake hash. 2015-04-30 03:47:02 +00:00
prf.go all: standardize RFC mention format 2016-04-12 21:07:52 +00:00
ticket.go crypto/tls: minor refactors for readability 2016-03-14 21:17:37 +00:00
tls_test.go crypto/tls: test for timeout error using the net.Error interface 2016-03-08 22:40:49 +00:00
tls.go crypto/tls: make error prefix uniform. 2016-04-14 16:28:53 +00:00