Stowage/go
2
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-12-08 06:10:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: always send a Certificate message if one was requested.

Browse source 
If a CertificateRequest is received we have to reply with a
Certificate message, even if we don't have a certificate to offer.

Fixes #3339.

R=golang-dev, r, ality
CC=golang-dev
https://golang.org/cl/5845067
This commit is contained in:
Adam Langley 2012-03-19 12:34:35 -04:00
parent d05b386928
commit aa1d4170a4
1 changed files with 10 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/pkg/crypto/tls/handshake_client.go
View file

@ -166,8 +166,11 @@ func (c *Conn) clientHandshake() error {
} }
var certToSend *Certificate var certToSend *Certificate
var certRequested bool
certReq, ok := msg.(*certificateRequestMsg) certReq, ok := msg.(*certificateRequestMsg)
if ok { if ok {
certRequested = true
// RFC 4346 on the certificateAuthorities field: // RFC 4346 on the certificateAuthorities field:
// A list of the distinguished names of acceptable certificate // A list of the distinguished names of acceptable certificate
// authorities. These distinguished names may specify a desired // authorities. These distinguished names may specify a desired
@ -238,9 +241,14 @@ func (c *Conn) clientHandshake() error {
} }
finishedHash.Write(shd.marshal()) finishedHash.Write(shd.marshal())
if certToSend != nil { // If the server requested a certificate then we have to send a
// Certificate message, even if it's empty because we don't have a
// certificate to send.
if certRequested {
certMsg = new(certificateMsg) certMsg = new(certificateMsg)
certMsg.certificates = certToSend.Certificate if certToSend != nil {
certMsg.certificates = certToSend.Certificate
}
finishedHash.Write(certMsg.marshal()) finishedHash.Write(certMsg.marshal())
c.writeRecord(recordTypeHandshake, certMsg.marshal()) c.writeRecord(recordTypeHandshake, certMsg.marshal())
} }