New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/tls: client handshake regression #3339
Labels
Milestone
Comments
Comment 2 by graham@gkgk.org: Yes, I mean r60 (9516:c1702f36df03). It works up to and including 11105:8be74fb194f3, then does not work from 11106:d620ce23ebe4 up to tip (12748:c8614af8523a). |
Comment 3 by graham@gkgk.org: Yes, specifically I mean release.r60.3 (9516:c1702f36df03). It works up to and including 11105:8be74fb194f3, then does not work from 11106:d620ce23ebe4 up to tip (12748:c8614af8523a). |
Adding Adam. Graham, if you'd like us to use your patch, have you submitted a CLA? See the copyright section here: http://weekly.golang.org/doc/contribute.html#copyright |
Comment 5 by graham@gkgk.org: I have submitted a CLA. As for using the patch, I think it needs someone with TLS knowledge to look at it. |
certToSend may be nil in either of two cases: when the server doesn't send a certificate request message at all or when we have no matching certificates to send. The patch is only correct for the second case. This is a valid bug though since we're not following the RFC here. Section 7.4.6 of RFC 4346 states that we must send a certificate message with an empty certificate_list if the server requests a client certificate but we have none to give. Status changed to Accepted. |
Comment 8 by graham@gkgk.org: Could you use openssl s_client instead? It prints a full hex dump: openssl s_client -tls1 -debug -connect irc.freenode.net:6697 |
http://golang.org/cl/5845067 The testing could probably do with an overhaul, probably by generating the traces using a special net.Conn. But that's not something to do prior to Go 1. I'm happy just to fix this given that the change is small. Owner changed to @agl. |
This issue was closed by revision aa1d417. Status changed to Fixed. |
Comment 11 by graham@gkgk.org: I confirm the fix works for me. Thanks a lot! |
FiloSottile
pushed a commit
to FiloSottile/go
that referenced
this issue
Oct 12, 2018
If a CertificateRequest is received we have to reply with a Certificate message, even if we don't have a certificate to offer. Fixes golang#3339. R=golang-dev, r, ality CC=golang-dev https://golang.org/cl/5845067
This issue was closed.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
by graham@gkgk.org:
Attachments:
The text was updated successfully, but these errors were encountered: