@@ -19,6 +19,7 @@ func (hs *serverHandshakeState) doTLS13Handshake() error { | |||||
c := hs.c | c := hs.c | ||||
hs.c.cipherSuite, hs.hello13.cipherSuite = hs.suite.id, hs.suite.id | hs.c.cipherSuite, hs.hello13.cipherSuite = hs.suite.id, hs.suite.id | ||||
hs.c.clientHello = hs.clientHello.marshal() | |||||
// When picking the group for the handshake, priority is given to groups | // When picking the group for the handshake, priority is given to groups | ||||
// that the client provided a keyShare for, so to avoid a round-trip. | // that the client provided a keyShare for, so to avoid a round-trip. | ||||
@@ -174,6 +174,7 @@ var supportedSignatureAlgorithms = []signatureAndHash{ | |||||
// ConnectionState records basic TLS details about the connection. | // ConnectionState records basic TLS details about the connection. | ||||
type ConnectionState struct { | type ConnectionState struct { | ||||
ConnectionID []byte // Random unique connection id | |||||
Version uint16 // TLS version used by the connection (e.g. VersionTLS12) | Version uint16 // TLS version used by the connection (e.g. VersionTLS12) | ||||
HandshakeComplete bool // TLS handshake is complete | HandshakeComplete bool // TLS handshake is complete | ||||
DidResume bool // connection resumes a previous TLS connection | DidResume bool // connection resumes a previous TLS connection | ||||
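Review bot: The comment on ConnectionID promises uniqueness that eight random bytes cannot guarantee, and it does not say when the field is populated; ConnectionState only assigns it under handshakeComplete, so it is nil on every state snapshot taken before the handshake finishes. Suggested comment: `ConnectionID []byte // 8 random bytes drawn from Config.Rand when the handshake starts; nil until the handshake completes. Random, not guaranteed unique`.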
@@ -193,6 +194,8 @@ type ConnectionState struct { | |||||
// change in future versions of Go once the TLS master-secret fix has | // change in future versions of Go once the TLS master-secret fix has | ||||
// been standardized and implemented. | // been standardized and implemented. | ||||
TLSUnique []byte | TLSUnique []byte | ||||
ClientHello []byte // ClientHello packet | |||||
} | } | ||||
// ClientAuthType declares the policy the server will follow for | // ClientAuthType declares the policy the server will follow for | ||||
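Review bot: "ClientHello packet" misdescribes the value: what doTLS13Handshake stores is the marshalled ClientHello handshake message (handshake type and 3-byte length, then the body), not a TLS record, and the Conn field at L26 repeats the wording. The comment should also state when the field is nil: until the handshake completes, and for any connection whose handshake path does not record it — in this diff only the TLS 1.3 server path does, so unless the TLS 1.2 server path is updated elsewhere, ConnectionState.ClientHello is empty for every TLS 1.2 connection, which a consumer inspecting it would otherwise read as a bug. Since the slice is kept for the lifetime of the connection, it also pins the whole ClientHello (several KB with padding or long extension lists) per connection, which is worth a word for servers holding many idle conns. Suggested: `ClientHello []byte // marshalled ClientHello handshake message as received; nil until the handshake completes or if the handshake path did not record it`.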
@@ -34,6 +34,8 @@ type Conn struct { | |||||
// to wait for the handshake can wait on this, under handshakeMutex. | // to wait for the handshake can wait on this, under handshakeMutex. | ||||
handshakeCond *sync.Cond | handshakeCond *sync.Cond | ||||
handshakeErr error // error resulting from handshake | handshakeErr error // error resulting from handshake | ||||
connID []byte // Random connection id | |||||
clientHello []byte // ClientHello packet contents | |||||
vers uint16 // TLS version | vers uint16 // TLS version | ||||
haveVers bool // version has been negotiated | haveVers bool // version has been negotiated | ||||
config *Config // configuration passed to constructor | config *Config // configuration passed to constructor | ||||
@@ -1363,6 +1365,11 @@ func (c *Conn) Handshake() error { | |||||
panic("handshake should not have been able to complete after handshakeCond was set") | panic("handshake should not have been able to complete after handshakeCond was set") | ||||
} | } | ||||
c.connID = make([]byte, 8) | |||||
if _, err := io.ReadFull(c.config.rand(), c.connID); err != nil { | |||||
return err | |||||
} | |||||
if c.isClient { | if c.isClient { | ||||
c.handshakeErr = c.clientHandshake() | c.handshakeErr = c.clientHandshake() | ||||
} else { | } else { | ||||
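Review bot: The `return err` on the io.ReadFull failure bypasses the handshake bookkeeping that the rest of Handshake performs after this point: if this fork follows upstream crypto/tls, handshakeCond has already been armed by the time the panic on the line above is checked, and only the code after clientHandshake/serverHandshake calls handshakeCond.Broadcast() and resets it to nil. Returning early therefore leaves any goroutine blocked in handshakeCond.Wait() asleep for good, and every later Handshake() call on this conn waits on the same cond with handshakeErr still nil, so the failure is never surfaced. Route the failure through handshakeErr so the existing broadcast path runs, or draw the ID before the cond is armed. The remainder of Handshake lies outside the hunk.
```go
	c.connID = make([]byte, 8)
	if _, err := io.ReadFull(c.config.rand(), c.connID); err != nil {
		// Record rather than return: the cleanup and Broadcast further down must still run.
		c.handshakeErr = err
	} else if c.isClient {
		c.handshakeErr = c.clientHandshake()
	} else {
		c.handshakeErr = c.serverHandshake()
	}
	// … unchanged: remainder of Handshake …
```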
@@ -1398,6 +1405,8 @@ func (c *Conn) ConnectionState() ConnectionState { | |||||
state.ServerName = c.serverName | state.ServerName = c.serverName | ||||
if c.handshakeComplete { | if c.handshakeComplete { | ||||
state.ConnectionID = c.connID | |||||
state.ClientHello = c.clientHello | |||||
state.Version = c.vers | state.Version = c.vers | ||||
state.NegotiatedProtocol = c.clientProtocol | state.NegotiatedProtocol = c.clientProtocol | ||||
state.DidResume = c.didResume | state.DidResume = c.didResume | ||||
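Review bot: Both assignments hand the caller the conn's own backing slices, so a caller that modifies state.ClientHello or state.ConnectionID rewrites the per-connection record that every later ConnectionState() call will return. That mirrors how TLSUnique is exposed, so it may be deliberate, but ClientHello is the one most likely to be parsed or sliced in place by consumers; either copy it here with `state.ClientHello = append([]byte(nil), c.clientHello...)` (net/http, for one, calls ConnectionState() once per connection, so the allocation is cheap next to the handshake) or mark both fields read-only in their doc comments. ConnectionState continues outside the hunk.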