crypto/tls: extensions and Next Protocol Negotiation

Add support for TLS extensions in general and Next Protocol Negotiation in particular. R=rsc CC=golang-dev https://golang.org/cl/181045
2025-12-08 06:10:04 +00:00 · 2009-12-23 11:13:09 -08:00 · 2009-12-23 11:13:09 -08:00 · 9ebb59634e
commit 9ebb59634e
parent 7c9111434a
9 changed files with 379 additions and 28 deletions
--- a/src/pkg/crypto/tls/handshake_server.go
+++ b/src/pkg/crypto/tls/handshake_server.go
@ -108,6 +108,10 @@ func (h *serverHandshake) loop(writeChan chan<- interface{}, controlChan chan<-
 		return
 	}
 	hello.compressionMethod = compressionNone
+	if clientHello.nextProtoNeg {
+		hello.nextProtoNeg = true
+		hello.nextProtos = config.NextProtos
+	}

 	finishedHash.Write(hello.marshal())
 	writeChan <- writerSetVersion{major, minor}
@ -165,6 +169,17 @@ func (h *serverHandshake) loop(writeChan chan<- interface{}, controlChan chan<-
 	cipher, _ := rc4.NewCipher(clientKey)
 	controlChan <- &newCipherSpec{cipher, hmac.New(sha1.New(), clientMAC)}

+	clientProtocol := ""
+	if hello.nextProtoNeg {
+		nextProto, ok := h.readHandshakeMsg().(*nextProtoMsg)
+		if !ok {
+			h.error(alertUnexpectedMessage)
+			return
+		}
+		finishedHash.Write(nextProto.marshal())
+		clientProtocol = nextProto.proto
+	}
+
 	clientFinished, ok := h.readHandshakeMsg().(*finishedMsg)
 	if !ok {
 		h.error(alertUnexpectedMessage)
@ -178,7 +193,7 @@ func (h *serverHandshake) loop(writeChan chan<- interface{}, controlChan chan<-
 		return
 	}

-	controlChan <- ConnectionState{true, "TLS_RSA_WITH_RC4_128_SHA", 0}
+	controlChan <- ConnectionState{true, "TLS_RSA_WITH_RC4_128_SHA", 0, clientProtocol}

 	finishedHash.Write(clientFinished.marshal())

@ -228,7 +243,7 @@ func (h *serverHandshake) error(e alertType) {
 			for _ = range h.msgChan {
 			}
 		}()
-		h.controlChan <- ConnectionState{false, "", e}
+		h.controlChan <- ConnectionState{false, "", e, ""}
 		close(h.controlChan)
 		h.writeChan <- alert{alertLevelError, e}
 	}