From 5da02cccbed0af950d0bdaa91b4af59f16949ec1 Mon Sep 17 00:00:00 2001
From: Gaukas Wang
Date: Thu, 9 Mar 2023 14:44:27 -0700
Subject: [PATCH] fix: clear/revise comments
---
 handshake_client.go | 4 ++--
 handshake_client_tls13.go | 11 ++++-------
 u_handshake_client.go | 3 +--
 3 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/handshake_client.go b/handshake_client.go
index 69f92a0..e0f21eb 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -230,7 +230,7 @@ func (c *Conn) clientHandshake(ctx context.Context) (err error) {
 }
 // In TLS 1.3, session tickets are delivered after the handshake.
- return hs.handshake() // UTLSTODO: returned error
+ return hs.handshake()
 }
 hs := &clientHandshakeState{
@@ -523,7 +523,7 @@ func (hs *clientHandshakeState) doFullHandshake() error {
 c.ocspResponse = cs.response
- msg, err = c.readHandshake(&hs.finishedHash) // UTLSTODO: note this added transcriptHash.
+ msg, err = c.readHandshake(&hs.finishedHash)
 if err != nil {
 return err
 }
diff --git a/handshake_client_tls13.go b/handshake_client_tls13.go
index d4db8b2..ca0368c 100644
--- a/handshake_client_tls13.go
+++ b/handshake_client_tls13.go
@@ -361,9 +361,6 @@ func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error {
 }
 // [uTLS SECTION ENDS]
- // UTLSTODO: delete comment
- // hs.transcript.Write(hs.hello.marshal())
- // if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil {
 if _, err := hs.c.writeHandshakeRecord(hs.hello, hs.transcript); err != nil {
 return err
 }
@@ -536,8 +533,10 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
 return nil
 }
+ // [UTLS SECTION BEGINS]
 // msg, err := c.readHandshake(hs.transcript)
- msg, err := c.readHandshake(nil) // [UTLS] we don't write to transcript until make sure it is not compressed cert
+ msg, err := c.readHandshake(nil) // hold writing to transcript until we know it is not compressed cert
+ // [UTLS SECTION ENDS]
 if err != nil {
 return err
 }
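Review bot: The revised comment on `msg, err := c.readHandshake(nil)` still reads as if a compressed certificate is never hashed, while the u_handshake_client.go hunk shows `transcriptMsg(compressedCertMsg, hs.transcript)` writing it in its compressed form. Because this call passes nil, every success path after it has to add the message to the transcript exactly once, and a path that skips or repeats that write would leave the later transcript-dependent handshake checks running over the wrong bytes. I would spell that out: `// read without hashing; the message is added to the transcript later, once, either as CompressedCertificate in utlsReadServerCertificate or as Certificate below`. readServerCertificate starts and ends outside this hunk, so the full set of paths is not visible here.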
@@ -578,9 +577,7 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
 return errors.New("tls: received empty certificates message")
 }
 // [UTLS SECTION BEGINS]
- // Previously, this was simply 'hs.transcript.Write(certMsg.marshal())' (without the if).
- if !skipWritingCertToTranscript { // utlsReadServerCertificate didn't call transcriptMsg()
- // hs.transcript.Write(certMsg.marshal()) // deprecated since Go 1.19.6
+ if !skipWritingCertToTranscript { // write to transcript only if it is not compressedCert (i.e. if not processed by extension)
 if err = transcriptMsg(certMsg, hs.transcript); err != nil {
 return err
 }
diff --git a/u_handshake_client.go b/u_handshake_client.go
index 950a852..7e43c1b 100644
--- a/u_handshake_client.go
+++ b/u_handshake_client.go
@@ -25,8 +25,7 @@ func (hs *clientHandshakeStateTLS13) utlsReadServerCertificate(msg any) (process
 if len(hs.uconn.certCompressionAlgs) > 0 {
 compressedCertMsg, ok := msg.(*utlsCompressedCertificateMsg)
 if ok {
- // hs.transcript.Write(compressedCertMsg.marshal()) // deprecated since Go 1.19.6
- if err = transcriptMsg(compressedCertMsg, hs.transcript); err != nil { // UTLSTODO: debug
+ if err = transcriptMsg(compressedCertMsg, hs.transcript); err != nil {
 return nil, err
 }
 msg, err = hs.decompressCert(*compressedCertMsg)
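Review bot: The new comment on `if !skipWritingCertToTranscript {` drops the pointer the old one carried to utlsReadServerCertificate, and "processed by extension" does not say that the skipped write already happened elsewhere. Judging from the u_handshake_client.go hunk, the compressed message is hashed there before decompression, so this guard exists to avoid hashing the certificate a second time. A comment such as `// skip when utlsReadServerCertificate has already added the CompressedCertificate to the transcript` keeps that link for the next reader. Where skipWritingCertToTranscript is assigned lies outside the hunk.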