crypto/tls: missing alert values #35911

Open
aviddiviner opened this issue Nov 30, 2019 · 2 comments

@aviddiviner aviddiviner commented Nov 30, 2019

In RFC 6066 there are 4 new error alerts that are defined, which are missing from crypto/tls alert.go.

They are:

certificate unobtainable (111)
unrecognized name (112)
bad certificate status response (113)
bad certificate hash value (114)

They should be added as constants in crypto/tls.

What version of Go are you using (go version)?

$ go version
go version go1.13.4 darwin/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/me/Library/Caches/go-build"
GOENV="/Users/me/Library/Application Support/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/me/dev/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/Cellar/go/1.13.4/libexec"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/Cellar/go/1.13.4/libexec/pkg/tool/darwin_amd64"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -gno-record-gcc-switches -fno-common"

What did you do?

package main

import (
	"crypto/tls"
	"fmt"
	"net"
)

func main() {
	host := "showtimego.com"
	addr := net.JoinHostPort(host, "443")

	dialer := &net.Dialer{}
	config := &tls.Config{ServerName: host}

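	// Check the dial error: on failure conn is nil and conn.Close() would panic.
	conn, err := dialer.Dial("tcp", addr)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer conn.Close()
	client := tls.Client(conn, config)
	defer client.Close()

	err = client.Handshake()
	fmt.Println(err) // remote error: tls: alert(112)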
}

What did you expect to see?

remote error: tls: unrecognized name

What did you see instead?

remote error: tls: alert(112)

Contributor

@tmthrgd tmthrgd commented Nov 30, 2019

unrecognized_name was added to tip for #18377. The others have not been, but I think that may have been intentional.

@FiloSottile FiloSottile changed the title crypto/tls: Missing alert values (RFC 6066) crypto/tls: missing alert values Dec 1, 2019
@FiloSottile FiloSottile added the NeedsFix label Dec 1, 2019
@FiloSottile FiloSottile added this to the Go1.15 milestone Dec 1, 2019
Member

@FiloSottile FiloSottile commented Dec 1, 2019

Yeah, even if we don't send them (because we send all the wrong alerts all the time), we should be able to print their description when we get them.

The full IANA registry is here: https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
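
Added example, not part of the thread and not crypto/tls code: a decoder for one plaintext TLS alert record that names the four RFC 6066 alerts listed in the issue and falls back to `alert(N)` for any other value. The function name `describeAlertRecord`, the map name and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// RFC 6066 alert descriptions, values as listed in the issue above.
var rfc6066Alerts = map[uint8]string{
	111: "certificate unobtainable",
	112: "unrecognized name",
	113: "bad certificate status response",
	114: "bad certificate hash value",
}

// describeAlertRecord (hypothetical helper) decodes one plaintext alert record:
// content type(1)=21 | legacy version(2) | length(2)=2 | level(1) | description(1).
func describeAlertRecord(rec []byte) (string, error) {
	if len(rec) < 5 {
		return "", errors.New("short record header")
	}
	if rec[0] != 21 {
		return "", fmt.Errorf("content type %d is not alert(21)", rec[0])
	}
	// An alert body is exactly two bytes; reject truncated or padded records.
	if n := binary.BigEndian.Uint16(rec[3:5]); n != 2 || len(rec) != 7 {
		return "", fmt.Errorf("alert body must be 2 bytes: header says %d, have %d", n, len(rec)-5)
	}
	level, ok := map[uint8]string{1: "warning", 2: "fatal"}[rec[5]]
	if !ok {
		return "", fmt.Errorf("invalid alert level %d", rec[5])
	}
	name, ok := rfc6066Alerts[rec[6]]
	if !ok {
		// Values outside this table keep the numeric form seen in the issue.
		name = fmt.Sprintf("alert(%d)", rec[6])
	}
	return level + ": " + name, nil
}

func main() {
	// Constructed sample: fatal alert 112 inside a record with version 0x0303.
	sample := []byte{21, 0x03, 0x03, 0x00, 0x02, 2, 112}
	desc, err := describeAlertRecord(sample)
	fmt.Println(desc, err)
}
```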
