crypto/tls: add support for Certificate Transparency

This change adds support for serving and receiving Signed Certificate Timestamps as described in RFC 6962. The server is now capable of serving SCTs listed in the Certificate structure. The client now asks for SCTs and, if any are received, they are exposed in the ConnectionState structure. Fixes #10201 Change-Id: Ib3adae98cb4f173bc85cec04d2bdd3aa0fec70bb Reviewed-on: https://go-review.googlesource.com/8988 Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org> Reviewed-by: Jonathan Rudenberg <jonathan@titanous.com>
2025-04-04 04:27:36 +03:00 · 2015-04-16 14:59:22 -04:00 · 2015-04-16 14:59:22 -04:00 · cf04082452
commit cf04082452
parent 06b29738e8
31 changed files with 1106 additions and 779 deletions
--- a/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM
+++ b/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM
@ -1,18 +1,19 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 79 01 00 00  75 03 03 00 00 00 00 00  |....y...u.......|
+00000000  16 03 01 00 7d 01 00 00  79 03 03 00 00 00 00 00  |....}...y.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 1e c0 2f  |.............../|
 00000030  c0 2b c0 30 c0 2c c0 11  c0 07 c0 13 c0 09 c0 14  |.+.0.,..........|
-00000040  c0 0a 00 05 00 2f 00 35  c0 12 00 0a 01 00 00 2e  |...../.5........|
+00000040  c0 0a 00 05 00 2f 00 35  c0 12 00 0a 01 00 00 32  |...../.5.......2|
 00000050  00 05 00 05 01 00 00 00  00 00 0a 00 08 00 06 00  |................|
 00000060  17 00 18 00 19 00 0b 00  02 01 00 00 0d 00 0a 00  |................|
-00000070  08 04 01 04 03 02 01 02  03 ff 01 00 01 00        |..............|
+00000070  08 04 01 04 03 02 01 02  03 ff 01 00 01 00 00 12  |................|
+00000080  00 00                                             |..|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 59 02 00 00  55 03 03 c9 39 e6 18 c8  |....Y...U...9...|
-00000010  4a 7f f3 23 75 99 22 80  48 bc e3 a7 eb 49 d5 95  |J..#u.".H....I..|
-00000020  b1 ec 1d 9e 44 09 6e d9  b7 b2 f8 20 30 fd 2b 50  |....D.n.... 0.+P|
-00000030  d2 91 de c3 d0 84 a9 d5  ba c0 45 0f 18 c4 98 73  |..........E....s|
-00000040  4b cf c6 82 dd 88 0d 35  28 8e f8 d3 c0 2b 00 00  |K......5(....+..|
+00000000  16 03 03 00 59 02 00 00  55 03 03 cc 2d 9e fe 46  |....Y...U...-..F|
+00000010  a5 dc a6 93 4e 58 ff 13  04 cd 5a fb eb 0f 6f c2  |....NX....Z...o.|
+00000020  46 58 19 c1 38 4b ed 3c  3a d4 c9 20 96 e6 c7 ee  |FX..8K.<:.. ....|
+00000030  b5 6a 98 e7 f1 18 92 b4  f3 ab 0e d4 ac f2 02 4b  |.j.............K|
+00000040  bf 93 cc bf 3d 42 72 6a  cd c8 b6 76 c0 2b 00 00  |....=Brj...v.+..|
 00000050  0d ff 01 00 01 00 00 0b  00 04 03 00 01 02 16 03  |................|
 00000060  03 02 0e 0b 00 02 0a 00  02 07 00 02 04 30 82 02  |.............0..|
 00000070  00 30 82 01 62 02 09 00  b8 bf 2d 47 a0 d2 eb f4  |.0..b.....-G....|
@ -47,20 +48,20 @@
 00000240  13 83 0d 94 06 bb d4 37  7a f6 ec 7a c9 86 2e dd  |.......7z..z....|
 00000250  d7 11 69 7f 85 7c 56 de  fb 31 78 2b e4 c7 78 0d  |..i..|V..1x+..x.|
 00000260  ae cb be 9e 4e 36 24 31  7b 6a 0f 39 95 12 07 8f  |....N6$1{j.9....|
-00000270  2a 16 03 03 00 d8 0c 00  00 d4 03 00 17 41 04 91  |*............A..|
-00000280  d0 f0 1b df 51 57 74 f3  62 ee d5 9e e8 7d bd 65  |....QWt.b....}.e|
-00000290  69 0a 5a 2b 75 c3 3c f7  24 3f 91 26 34 fe d8 8f  |i.Z+u.<.$?.&4...|
-000002a0  fa d3 7e f6 f5 01 89 7b  f5 69 5c c2 52 41 81 93  |..~....{.i\.RA..|
-000002b0  c4 9e 01 5d 96 fa db 41  3d 0b 78 58 ad 29 b5 04  |...]...A=.xX.)..|
-000002c0  03 00 8b 30 81 88 02 42  01 92 7c 0a 7c 79 d1 41  |...0...B..|.|y.A|
-000002d0  98 b7 57 37 10 d9 31 41  2e fe d5 a8 94 26 fa 59  |..W7..1A.....&.Y|
-000002e0  78 bf 15 c0 cf e7 a9 09  a8 6f 97 45 1b 3f e6 60  |x........o.E.?.`|
-000002f0  2d 78 dc ec 99 0f 92 43  64 20 c4 6b 59 16 df 66  |-x.....Cd .kY..f|
-00000300  83 a0 f1 d1 91 c1 8a 29  ce 4d 02 42 01 61 a2 6c  |.......).M.B.a.l|
-00000310  84 58 58 0b 74 fa 9e 4c  33 6a b5 b1 a9 da ad 1c  |.XX.t..L3j......|
-00000320  d9 33 25 91 59 a0 f2 21  ae b1 14 15 4a d1 65 50  |.3%.Y..!....J.eP|
-00000330  0e 1d 1e bc f6 29 da 22  09 20 de 75 30 ac 0a 1e  |.....).". .u0...|
-00000340  7e 46 98 89 dd 6d e4 6a  9b 83 b5 85 f3 74 16 03  |~F...m.j.....t..|
+00000270  2a 16 03 03 00 d8 0c 00  00 d4 03 00 17 41 04 4b  |*............A.K|
+00000280  42 a6 35 4b d4 eb d8 9c  08 38 7a 50 3f 24 33 16  |B.5K.....8zP?$3.|
+00000290  10 d9 16 cd 2f e8 7a 83  a4 f2 09 aa 7c 2c 61 de  |..../.z.....|,a.|
+000002a0  e0 b6 20 22 b0 cf f6 c6  2a e9 da 4b 55 b8 13 a0  |.. "....*..KU...|
+000002b0  94 16 33 dd 46 32 7a 7b  6e 0b 43 96 00 68 40 04  |..3.F2z{n.C..h@.|
+000002c0  03 00 8b 30 81 88 02 42  01 66 b1 9f aa 18 59 d6  |...0...B.f....Y.|
+000002d0  2a 37 2f 68 de 21 69 bd  c2 70 a8 12 1e 6e 8d b3  |*7/h.!i..p...n..|
+000002e0  06 87 16 21 c9 ad 3f 94  23 ea 15 ce c1 ed cc 37  |...!..?.#......7|
+000002f0  4e 0a 75 62 24 31 d6 8c  57 38 05 f0 46 09 ba 2d  |N.ub$1..W8..F..-|
+00000300  f0 a3 f5 de cb 0a 7f 8a  8a bc 02 42 01 64 e5 d7  |...........B.d..|
+00000310  5b f3 14 9d c0 77 a5 00  ed aa 6b d2 48 42 16 fe  |[....w....k.HB..|
+00000320  d1 b5 13 df e1 71 6b 48  9a a0 9a 7d 35 79 ef 4b  |.....qkH...}5y.K|
+00000330  eb a4 a0 05 ce 43 05 62  d9 58 73 34 fd 03 d8 24  |.....C.b.Xs4...$|
+00000340  d8 9b 95 cd cd 7b f1 00  a5 96 f0 8a 66 48 16 03  |.....{......fH..|
 00000350  03 00 04 0e 00 00 00                              |.......|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 46 10 00 00  42 41 04 1e 18 37 ef 0d  |....F...BA...7..|
@ -68,17 +69,17 @@
 00000020  a7 24 20 3e b2 56 1c ce  97 28 5e f8 2b 2d 4f 9e  |.$ >.V...(^.+-O.|
 00000030  f1 07 9f 6c 4b 5b 83 56  e2 32 42 e9 58 b6 d7 49  |...lK[.V.2B.X..I|
 00000040  a6 b5 68 1a 41 03 56 6b  dc 5a 89 14 03 03 00 01  |..h.A.Vk.Z......|
-00000050  01 16 03 03 00 28 00 00  00 00 00 00 00 00 b0 4d  |.....(.........M|
-00000060  e2 ad 33 40 f2 44 e3 c7  ad a5 c6 c7 e5 00 07 68  |..3@.D.........h|
-00000070  72 80 d5 89 f0 aa 72 2b  36 5a 51 f6 f0 6a        |r.....r+6ZQ..j|
+00000050  01 16 03 03 00 28 00 00  00 00 00 00 00 00 c0 1c  |.....(..........|
+00000060  10 ee 8d 98 b4 78 2d 7f  84 48 6d 6b 35 96 1d 4e  |.....x-..Hmk5..N|
+00000070  8c 00 13 a9 ca 35 50 9a  8c d5 07 63 95 54        |.....5P....c.T|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 28 5d b6 1b 59 71  |..........(]..Yq|
-00000010  f0 7a 2c 4f d5 f0 7b a7  ab 56 48 4d b4 f7 5c bc  |.z,O..{..VHM..\.|
-00000020  34 d6 cc 02 4f 1f 45 b2  e9 ff 96 0e a2 47 d6 4e  |4...O.E......G.N|
-00000030  47 83 68                                          |G.h|
+00000000  14 03 03 00 01 01 16 03  03 00 28 3b 0b 13 c6 82  |..........(;....|
+00000010  d3 83 a9 bc b7 64 b5 e6  17 16 58 99 5d f1 b1 c0  |.....d....X.]...|
+00000020  dd bf 62 e4 c6 76 7a 4a  fc fe ba 1b 9a 3e 63 5c  |..b..vzJ.....>c\|
+00000030  86 cd f5                                          |...|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 2f f1 95  |............./..|
-00000010  75 5e 0d fb 48 9b 40 10  6d bb 81 7e d2 ca 68 ae  |u^..H.@.m..~..h.|
-00000020  84 47 d2 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.G..............|
-00000030  26 87 82 85 fa 5f a2 b2  19 b2 4e 81 f6 0f c6 c5  |&...._....N.....|
-00000040  e0 3e                                             |.>|
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 e2 da ed  |................|
+00000010  5b ad 71 ad 0f e0 7b 60  4f dc 27 68 ad 9d 06 08  |[.q...{`O.'h....|
+00000020  85 3a 35 15 03 03 00 1a  00 00 00 00 00 00 00 02  |.:5.............|
+00000030  7b ed 30 41 50 99 97 df  49 c3 54 dc 38 e7 5b a2  |{.0AP...I.T.8.[.|
+00000040  f5 f4                                             |..|