
crypto/tls: GetCertificate should have a way to signal unrecognized_name #19300

Closed
Luit opened this issue Feb 27, 2017 · 3 comments
Labels
FrozenDueToAge NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made.

Comments

@Luit

Luit commented Feb 27, 2017

What version of Go are you using (go version)?

go version go1.8 linux/amd64

What operating system and processor architecture are you using (go env)?

GOHOSTARCH="amd64"
GOHOSTOS="linux"

What did you do?

Through using golang.org/x/crypto/acme/autocert I noticed the TLS listener implementation uses a fatal-level internal_error alert to signal the client that it can't handle a servername.

What did you expect to see?

Ideally, the TLS implementation should be able to signal a TLS alert called unrecognized_name in response. In RFC 6066 Section 3 the following is defined:

If the server understood the ClientHello extension but does not recognize the server name, the server SHOULD take one of two actions: either abort the handshake by sending a fatal-level unrecognized_name(112) alert or continue the handshake.

What did you see instead?

The TLS implementation currently doesn't support the unrecognized_name alert, and even if it did, GetCertificate has no (documented) way of triggering it.

I'd also like to attempt to implement this myself. Any input on implementation is welcome.
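As an added example (not code from this issue or from the Go project), the behaviour the report describes, reproduced over an in-memory net.Pipe: a server whose GetCertificate knows only one name, and a client that either matches it or asks for an unknown one. The host names app.example and other.example are constructed, and InsecureSkipVerify is set only because the certificate is self-signed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"math/big"
	"net"
	"time"
)

// handshake runs a server whose GetCertificate only knows `known` against a client sending `sni`
// over an in-memory pipe, and returns the client's handshake error (nil when the name matched).
func handshake(known, sni string) error {
	// Throwaway self-signed certificate for `known` (constructed test material, not a real key).
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{known},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return err
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}

	srvCfg := &tls.Config{
		SessionTicketsDisabled: true, // keeps the server from blocking on a post-handshake write to the pipe
		GetCertificate: func(hi *tls.ClientHelloInfo) (*tls.Certificate, error) {
			if hi.ServerName == known {
				return &cert, nil
			}
			// Returning an error is the only refusal GetCertificate offers; crypto/tls reports it
			// to the client as a fatal internal_error alert, not RFC 6066's unrecognized_name(112).
			return nil, errors.New("no certificate for " + hi.ServerName)
		},
	}
	c, s := net.Pipe()
	srvDone := make(chan error, 1)
	go func() { srvDone <- tls.Server(s, srvCfg).Handshake() }()
	err = tls.Client(c, &tls.Config{ServerName: sni, InsecureSkipVerify: true}).Handshake()
	<-srvDone // the server has either finished or sent its alert by now
	c.Close()
	s.Close()
	return err
}
```

Calling handshake("app.example", "other.example") shows what the client is told; because the callback's only lever is the error return, the alert the client sees is the generic internal_error the report complains about.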

@bradfitz bradfitz added the NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. label Feb 27, 2017
@bradfitz bradfitz added this to the Go1.9Maybe milestone Feb 27, 2017
@bradfitz
Contributor

Leaving to @agl for whether he has opinions on this TLS alert type.

@Luit
Author

Luit commented Feb 27, 2017

Again, I'm willing to take a first shot at this, if this is something more people than myself think is desired.

@FiloSottile
Contributor

Duplicate of #18377

@golang golang locked and limited conversation to collaborators Feb 28, 2018
@rsc rsc unassigned agl Jun 23, 2022