crypto/tls: add client-side SNI support and PeerCertificates.

SNI (Server Name Indication) is a way for a TLS client to indicate to the server which name it knows the server by. This allows the server to have several names and return the correct certificate for each (virtual hosting). PeerCertificates returns the list of certificates presented by server. R=r CC=golang-dev https://golang.org/cl/1741053
2025-12-08 06:10:04 +00:00 · 2010-07-21 11:36:01 -04:00 · 2010-07-21 11:36:01 -04:00 · 7be849d4a6
commit 7be849d4a6
parent 8286ee4c5b
4 changed files with 19 additions and 1 deletions
--- a/src/pkg/crypto/tls/handshake_client.go
+++ b/src/pkg/crypto/tls/handshake_client.go
@ -28,6 +28,7 @@ func (c *Conn) clientHandshake() os.Error {
 		compressionMethods: []uint8{compressionNone},
 		random:             make([]byte, 32),
 		ocspStapling:       true,
+		serverName:         c.config.ServerName,
 	}

 	t := uint32(c.config.Time())
@ -107,6 +108,8 @@ func (c *Conn) clientHandshake() os.Error {
 		return c.sendAlert(alertUnsupportedCertificate)
 	}

+	c.peerCertificates = certs
+
 	if serverHello.certStatus {
 		msg, err = c.readHandshake()
 		if err != nil {