The crypto/tls client is unable to make connections when:
- NPN is being used, and
- NPN is not the last extension received in the ServerHello message.
During umarshalling of ServerHello messages (in crypto/tls/handshake_messages.go), too
many bytes are read while unmarshalling NPN extensions. It reads upto the end of the
ServerHello, instead of the end of the extension; so any extensions after NPN are
accidentally interpreted as part of the NPN extension instead.
What steps will reproduce the problem?
1. Run the attached test.go. It will attempt two connections to https://skip.org:4443 ,
which has reordered ServerHello extensions to show the problem (NPN is not the last
extension, ServerName and others come after NPN).
What is the expected output?
The two connections should succeed.
What do you see instead?
The connection using NPN fails.
I have attached a patch which fixes the problem.
I typoed the code and tried to parse all the way to the end of the
message. Therefore it fails when NPN is not the last extension in the