The crypto/tls client is unable to make connections when:
- NPN is being used, and
- NPN is not the last extension received in the ServerHello message.
During unmarshalling of ServerHello messages (in crypto/tls/handshake_messages.go), too
many bytes are read while unmarshalling NPN extensions. It reads up to the end of the
ServerHello, instead of the end of the extension; so any extensions after NPN are
accidentally interpreted as part of the NPN extension instead.
What steps will reproduce the problem?
1. Run the attached test.go. It will attempt two connections to https://skip.org:4443 ,
which has reordered ServerHello extensions to show the problem (NPN is not the last
extension, ServerName and others come after NPN).
What is the expected output?
The two connections should succeed.
What do you see instead?
The connection using NPN fails.
I have attached a patch which fixes the problem.
Tom
I typoed the code and tried to parse all the way to the end of the
message. Therefore it fails when NPN is not the last extension in the
ServerHello.
Fixes golang#4088.
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/6637052
This issue was closed.
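
An added illustration of the bug discussed in this thread, not the crypto/tls source or the attached patch: a simplified Go model of ServerHello extension parsing in which `bounded=false` reads the NPN body to the end of the message and `bounded=true` stops at the extension's own length. The names `parseNPN`, `bounded` and `npnFirst` and the sample bytes are constructed for this example.

```go
package main

import "fmt"

const extNextProtoNeg = 13172 // NPN extension type (0x3374)

// parseNPN walks a ServerHello extensions block of (type, length, body)
// records and returns the NPN protocol list; ok is false on malformed input.
// bounded=false models the bug: the NPN body is read to the end of the
// message instead of the end of the extension.
func parseNPN(data []byte, bounded bool) (protos []string, ok bool) {
	for len(data) != 0 {
		if len(data) < 4 {
			return nil, false
		}
		typ := int(data[0])<<8 | int(data[1])
		length := int(data[2])<<8 | int(data[3])
		data = data[4:]
		if length > len(data) {
			return nil, false
		}
		if typ == extNextProtoNeg {
			d := data // bug: also covers every extension after NPN
			if bounded {
				d = data[:length] // fix: stop at this extension's end
			}
			for len(d) > 0 {
				l := int(d[0])
				d = d[1:]
				if l == 0 || l > len(d) {
					return nil, false
				}
				protos = append(protos, string(d[:l]))
				d = d[l:]
			}
		}
		data = data[length:]
	}
	return protos, true
}

// Constructed sample: NPN ("http/1.1") followed by an empty server_name (type 0).
var npnFirst = append([]byte{0x33, 0x74, 0, 9, 8}, append([]byte("http/1.1"), 0, 0, 0, 0)...)

func main() {
	fmt.Println(parseNPN(npnFirst, false)) // [] false
	fmt.Println(parseNPN(npnFirst, true))  // [http/1.1] true
}
```

When NPN is the last extension, both modes return the same result, which is why the defect only shows up against servers that order their extensions differently.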
by tfh@skip.org: