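--- a/PATH_PLACEHOLDER
+++ b/PATH_PLACEHOLDER
@@ -1,10 +1,10 @@
 // Copyright 2010 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
 // TLS low level connection and record layer
 
 package tls
 
 import (
 	"bytes"
@@ -35,20 +35,23 @@
 	handshakeComplete bool
 	didResume bool // whether this connection was a session resumption
 	cipherSuite uint16
 	ocspResponse []byte // stapled OCSP response
 	peerCertificates []*x509.Certificate
 	// verifiedChains contains the certificate chains that we built, as
 	// opposed to the ones presented by the server.
 	verifiedChains [][]*x509.Certificate
 	// serverName contains the server name indicated by the client, if any.
 	serverName string
+	// firstFinished contains the first Finished hash sent during the
+	// handshake. This is the "tls-unique" channel binding value.
+	firstFinished [12]byte
 
 	clientProtocol string
 	clientProtocolFallback bool
 
 	// input/output
 	in, out halfConn // in.Mutex < out.Mutex
 	rawInput *block // raw input, right off the wire
 	input *block // application data waiting to be read
 	hand bytes.Buffer // handshake data waiting to be read
 
@@ -987,38 +990,41 @@
 	state.HandshakeComplete = c.handshakeComplete
 	if c.handshakeComplete {
 		state.Version = c.vers
 		state.NegotiatedProtocol = c.clientProtocol
 		state.DidResume = c.didResume
 		state.NegotiatedProtocolIsMutual = !c.clientProtocolFallback
 		state.CipherSuite = c.cipherSuite
 		state.PeerCertificates = c.peerCertificates
 		state.VerifiedChains = c.verifiedChains
 		state.ServerName = c.serverName
+		if !c.didResume {
+			state.TLSUnique = c.firstFinished[:]
+		}
 	}
 
 	return state
 }
 
 // OCSPResponse returns the stapled OCSP response from the TLS server, if
 // any. (Only valid for client connections.)
 func (c *Conn) OCSPResponse() []byte {
 	c.handshakeMutex.Lock()
 	defer c.handshakeMutex.Unlock()
 
 	return c.ocspResponse
 }
 
 // VerifyHostname checks that the peer certificate chain is valid for
 // connecting to host. If so, it returns nil; if not, it returns an error
 // describing the problem.
 func (c *Conn) VerifyHostname(host string) error {
 	c.handshakeMutex.Lock()
 	defer c.handshakeMutex.Unlock()
 	if !c.isClient {
 		return errors.New("tls: VerifyHostname called on TLS server connection")
 	}
 	if !c.handshakeComplete {
 		return errors.New("tls: handshake has not yet been performed")
 	}
 	return c.peerCertificates[0].VerifyHostname(host)
 }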
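Review bot: `state.TLSUnique = c.firstFinished[:]` in the ConnectionState hunk hands the caller a slice that aliases the connection's own `firstFinished` array, so a caller that writes into the returned `ConnectionState.TLSUnique` silently changes the channel-binding value that every later `ConnectionState()` call reports; the value is a fixed 12 bytes, so a defensive copy is cheap: `state.TLSUnique = append([]byte(nil), c.firstFinished[:]...)`. The `!c.didResume` guard leaves TLSUnique nil on resumed sessions, which is presumably deliberate; the exported field's doc comment, which is not in this hunk, should state that the value is nil for resumed connections so callers do not treat an empty binding as usable. The field comment added in the struct hunk says "the first Finished hash sent during the handshake", but on the server side of a full handshake that message is received rather than sent; "the first Finished message of the handshake (the "tls-unique" channel binding, RFC 5929)" would avoid the ambiguity. ConnectionState's signature and the start of its body lie above the hunk.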