mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-03 20:17:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

[dev.boringcrypto] all: merge master into dev.boringcrypto

Browse source 
Change-Id: I948e086e11e1da571e2be23bb08a7bbd6618dc2f
This commit is contained in:
Dmitri Shuralyov 2020-07-08 23:29:54 -04:00
commit afeb57a673
21 changed files with 1322 additions and 641 deletions
Download patch file Download diff file Expand all files Collapse all files

17
handshake_server_tls13.go
View file

@ -310,6 +310,7 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error {
return errors.New("tls: invalid PSK binder")
}
c.didResume = true
if err := c.processCertsFromClient(sessionState.certificate); err != nil {
return err
}
@ -317,7 +318,6 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error {
hs.hello.selectedIdentityPresent = true
hs.hello.selectedIdentity = uint16(i)
hs.usingPSK = true
c.didResume = true
return nil
}
@ -757,6 +757,14 @@ func (hs *serverHandshakeStateTLS13) readClientCertificate() error {
c := hs.c
if !hs.requestClientCert() {
// Make sure the connection is still being verified whether or not
// the server requested a client certificate.
if c.config.VerifyConnection != nil {
if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil {
c.sendAlert(alertBadCertificate)
return err
}
}
return nil
}
@ -779,6 +787,13 @@ func (hs *serverHandshakeStateTLS13) readClientCertificate() error {
return err
}
if c.config.VerifyConnection != nil {
if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil {
c.sendAlert(alertBadCertificate)
return err
}
}
if len(certMsg.certificate.Certificate) != 0 {
msg, err = c.readHandshake()
if err != nil {