Index: src/pkg/crypto/tls/handshake_messages.go |
=================================================================== |
--- a/src/pkg/crypto/tls/handshake_messages.go |
+++ b/src/pkg/crypto/tls/handshake_messages.go |
@@ -881,9 +881,11 @@ |
// See http://tools.ietf.org/html/rfc4346#section-7.4.4 |
length := 1 + len(m.certificateTypes) + 2 |
+ tot := 0 |
for _, ca := range m.certificateAuthorities { |
- length += 2 + len(ca) |
+ tot += 2 + len(ca) |
} |
+ length += tot |
x = make([]byte, 4+length) |
x[0] = typeCertificateRequest |
@@ -895,10 +897,8 @@ |
copy(x[5:], m.certificateTypes) |
y := x[5+len(m.certificateTypes):] |
- |
- numCA := len(m.certificateAuthorities) |
- y[0] = uint8(numCA >> 8) |
- y[1] = uint8(numCA) |
+ y[0] = uint8(tot >> 8) |
+ y[1] = uint8(tot) |
y = y[2:] |
for _, ca := range m.certificateAuthorities { |
y[0] = uint8(len(ca) >> 8) |
@@ -909,7 +909,6 @@ |
} |
m.raw = x |
- |
return |
} |
@@ -941,27 +940,29 @@ |
return false |
} |
- numCAs := uint16(data[0])<<16 | uint16(data[1]) |
+ caLen := uint16(data[0])<<8 | uint16(data[1]) |
data = data[2:] |
- m.certificateAuthorities = make([][]byte, numCAs) |
- for i := uint16(0); i < numCAs; i++ { |
+ m.certificateAuthorities = nil |
+ for caLen > 0 { |
if len(data) < 2 { |
return false |
} |
- caLen := uint16(data[0])<<16 | uint16(data[1]) |
+ l := uint16(data[0])<<8 | uint16(data[1]) |
data = data[2:] |
- if len(data) < int(caLen) { |
+ caLen -= 2 |
+ |
+ if len(data) < int(l) { |
return false |
} |
- ca := make([]byte, caLen) |
+ ca := make([]byte, l) |
copy(ca, data) |
- m.certificateAuthorities[i] = ca |
- data = data[caLen:] |
+ m.certificateAuthorities = append(m.certificateAuthorities, ca) |
+ data = data[l:] |
+ caLen -= l |
} |
- |
if len(data) > 0 { |
return false |
} |