crypto/tls: GetCertificate should have a way to signal `unrecognized_name` #19300

Closed
Luit opened this issue Feb 27, 2017 · 3 comments
@Luit Luit commented Feb 27, 2017

What version of Go are you using (`go version`)?

go version go1.8 linux/amd64

What operating system and processor architecture are you using (`go env`)?

GOHOSTARCH="amd64"
GOHOSTOS="linux"

What did you do?

Through using `golang.org/x/crypto/acme/autocert` I noticed the TLS listener implementation uses a fatal-level `internal_error` alert to signal the client that it can't handle a servername.

What did you expect to see?

Ideally, the TLS implementation should be able to signal a TLS alert called `unrecognized_name` in response. In RFC6066 Section 3 the following is defined:

> If the server understood the ClientHello extension but does not recognize the server name, the server SHOULD take one of two actions: either abort the handshake by sending a fatal-level unrecognized_name(112) alert or continue the handshake.

What did you see instead?

The TLS implementation currently doesn't support the `unrecognized_name` alert, and if it had, `GetCertificate` has no (documented) way of triggering it.

I'd also like to attempt to implement this myself. Any input on implementation is welcome.
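Added example, not part of the original issue or of the Go project's code: the two server behaviours RFC 6066 allows for an unknown server name, driven from a `GetCertificate` callback over an in-memory connection. The host names, the `selfSigned` and `Handshake` helpers and the `fallback` switch are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned returns a throwaway certificate for name (constructed test data).
func selfSigned(name string) *tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// Handshake runs one in-memory handshake for sni and returns the client's error.
// fallback=false aborts on an unknown name; fallback=true continues with a default cert.
func Handshake(sni string, fallback bool) error {
	known := selfSigned("known.example") // hypothetical hosted name
	srv := &tls.Config{
		SessionTicketsDisabled: true, // net.Pipe is unbuffered; keep the exchange turn-based
		GetCertificate: func(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
			if h.ServerName == "known.example" || fallback {
				return known, nil
			}
			return nil, errors.New("no certificate for " + h.ServerName)
		},
	}
	c, s := net.Pipe()
	defer c.Close()
	go func() { tls.Server(s, srv).Handshake(); s.Close() }()
	// InsecureSkipVerify only because the test certificate is self-signed.
	return tls.Client(c, &tls.Config{ServerName: sni, InsecureSkipVerify: true}).Handshake()
}

func main() {
	for _, fb := range []bool{false, true} {
		fmt.Printf("fallback=%v -> %v\n", fb, Handshake("unknown.example", fb))
	}
}
```

The client-side error printed for `fallback=false` names the alert the server chose, which is the value this issue is about.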

@bradfitz bradfitz added this to the Go1.9Maybe milestone Feb 27, 2017
@bradfitz bradfitz commented Feb 27, 2017

Leaving to @agl for whether he has opinions on this TLS alert type.

@Luit Luit commented Feb 27, 2017

Again, I'm willing to take a first shot at this, if this is something more people than myself think is desired.

@FiloSottile FiloSottile commented Feb 28, 2017

Duplicate of #18377

@bradfitz bradfitz closed this Feb 28, 2017
@golang golang locked and limited conversation to collaborators Feb 28, 2018