crypto/tls: tidy up a little and add test.

This is a follow on to 28f33b4a which removes one of the boolean flags and adds a test for the key-driven cipher selection. Change-Id: If2a400de807eb19110352912a9f467491cc8986c Reviewed-on: https://go-review.googlesource.com/8428 Reviewed-by: Ian Lance Taylor <iant@golang.org> Reviewed-by: Adam Langley <agl@golang.org> Reviewed-by: Jacob Haven <jacob@cloudflare.com>
2025-04-04 12:37:35 +03:00 · 2015-04-02 16:19:46 -07:00 · 2015-04-02 16:19:46 -07:00 · 569d8e983a
commit 569d8e983a
parent ff3bba2111
3 changed files with 69 additions and 15 deletions
--- a/common.go
+++ b/common.go
@ -489,10 +489,10 @@ func (c *Config) BuildNameToCertificate() {
 type Certificate struct {
 	Certificate [][]byte
 	// PrivateKey contains the private key corresponding to the public key
-	// in Leaf. For a server, this must implement either crypto.Decrypter
-	// (implemented by RSA private keys) or crypto.Signer (which includes
-	// RSA and ECDSA private keys). For a client doing client authentication,
-	// this can be any type that implements crypto.Signer.
+	// in Leaf. For a server, this must implement crypto.Signer and/or
+	// crypto.Decrypter, with an RSA or ECDSA PublicKey. For a client
+	// (performing client authentication), this must be a crypto.Signer
+	// with an RSA or ECDSA PublicKey.
 	PrivateKey crypto.PrivateKey
 	// OCSPStaple contains an optional OCSP response which will be served
 	// to clients that request it.