Created
December 9, 2014 13:56
crypto/tls: optional ocspStapling
diff -r 088975427829 src/crypto/tls/handshake_client.go | |
--- a/src/crypto/tls/handshake_client.go Wed Nov 19 09:47:56 2014 +1100 | |
+++ b/src/crypto/tls/handshake_client.go Wed Nov 19 17:57:09 2014 -0600 | |
@@ -276,26 +276,34 @@ | |
c.peerCertificates = certs | |
- if hs.serverHello.ocspStapling { | |
- msg, err = c.readHandshake() | |
- if err != nil { | |
- return err | |
- } | |
- cs, ok := msg.(*certificateStatusMsg) | |
- if !ok { | |
+ msg, err = c.readHandshake() | |
+ if err != nil { | |
+ return err | |
+ } | |
+ | |
+ cs, ok := msg.(*certificateStatusMsg) | |
+ if ok { | |
+ // RFC4366 on Certificate Status Request: | |
+ // The server MAY return a "certificate_status" message. | |
+ | |
+ if !hs.serverHello.ocspStapling { | |
+ // If a server returns a "CertificateStatus" message, then the | |
+ // server MUST have included an extension of type "status_request" | |
+ // with empty "extension_data" in the extended server hello. | |
+ | |
c.sendAlert(alertUnexpectedMessage) | |
- return unexpectedMessageError(cs, msg) | |
+ return fmt.Errorf("tls: received unexpected handshake message of type %T", cs) | |
} | |
hs.finishedHash.Write(cs.marshal()) | |
if cs.statusType == statusTypeOCSP { | |
c.ocspResponse = cs.response | |
} | |
- } | |
- msg, err = c.readHandshake() | |
- if err != nil { | |
- return err | |
+ msg, err = c.readHandshake() | |
+ if err != nil { | |
+ return err | |
+ } | |
} | |
keyAgreement := hs.suite.ka(c.vers) |
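Review bot: With CertificateStatus now optional, a server that negotiated status_request can complete the handshake without stapling anything, and as far as this hunk shows `c.ocspResponse` is then simply left unset; the same holds on the `if ok` path when `cs.statusType` is not `statusTypeOCSP`. The RFC text quoted in the new comment permits this, but the consequence deserves a comment at the type assertion, e.g. `// No CertificateStatus means no staple: c.ocspResponse stays empty and must not be read as "certificate not revoked".` Any code that uses the stapled response for revocation checking (not visible here) has to treat an empty response as missing evidence rather than as a good status. The enclosing function starts and ends outside the hunk.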