crypto/tls: Config.EncryptedClientHelloRejectionVerify has no access to the certificates #75242
Description
Go version
go version go1.25.0 darwin/arm64
Output of go env in your module/workspace:
Not relevantWhat did you do?
I'm trying to use Config.EncryptedClientHelloRejectionVerify to validate the certificate for the rejection. However, there's nothing about the certificates in the input ConnectionState:
My code:
tlsConfig.EncryptedClientHelloRejectionVerify = func(cs tls.ConnectionState) error {
slog.Debug("EncryptedClientHelloRejectionVerify", "ConnectionState", cs)
return nil
}What did you see happen?
Output:
{Version:772 HandshakeComplete:false DidResume:false CipherSuite:4865 CurveID:X25519MLKEM768 NegotiatedProtocol:http/1.1 NegotiatedProtocolIsMutual:true ServerName:public.test.defo.ie PeerCertificates:[] VerifiedChains:[] SignedCertificateTimestamps:[] OCSPResponse:[] TLSUnique:[] ECHAccepted:false ekm:<nil> testingOnlyDidHRR:false testingOnlyPeerSignatureAlgorithm:0}If I try to access the PeerCertificate, it panics, because it's empty.
What did you expect to see?
I need the PeerCertificates and VerifiedChains in order to do custom certificate verification like we do with TLS without ECH.
Strangely, the if the verification function is not set, the code does its own validation, but it's not customizable:
https://cs.opensource.google/go/go/+/master:src/crypto/tls/handshake_client.go;l=1137;drc=7bba745820b771307593b7278ce17464eeda2f3d
I also don't understand why the VerifyPeerCertificate is disabled when ECH is rejected:
https://cs.opensource.google/go/go/+/master:src/crypto/tls/handshake_client.go;l=1194;drc=7bba745820b771307593b7278ce17464eeda2f3d
Because of that, there's no way to validate the certificate on ECH rejection with custom Roots or for a server name that doesn't match the public name.