Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/http: HTTP + TLS Handshaking documentation seems inaccurate #1956

Closed
gopherbot opened this issue Jun 14, 2011 · 4 comments
Closed

net/http: HTTP + TLS Handshaking documentation seems inaccurate #1956

gopherbot opened this issue Jun 14, 2011 · 4 comments
Labels
FrozenDueToAge

Comments

@gopherbot
Copy link

by jdnurmi@qwe.cc:

(Not really sure where/if there is an actual bug, but the documentation seems
inaccurate);

Documentation
=============
func (c *Conn) tls.Handshake() os.Error

... ***Most uses of this package need not call Handshake explicitly: the first Read or
Write will call it automatically ***


One would then assume an http.ListenAndServeTLS, in accumulating the request, would have
forced a handshake to occur.

Instead, I've ended up needing to create a custom listener that forces a handshake in
order to establish PeerCert data in the ConnectionState attribute.

I'm not certain this is wrong from the standpoint of TLS phrasing, but the documentation
can lead a developer to be confused.

What steps will reproduce the problem?
1.  Create a self-signed cert & key: openssl req -new -x509 -nodes  -subj
"/CN=localhost" -out host.cert
2. Compile & run attached sample
3. curl --insecure https://localhost:8443

What is the expected output?
Handshake complete

What do you see instead?
Handshake incomplete


Which compiler are you using (5g, 6g, 8g, gccgo)?
8g

Which operating system are you using?
linux

Which revision are you using?  (hg identify)
53460e066c2f+ tip

Please provide any additional information below.

I'm not convinced a code-change is needed, but someone who understands why the
documentation seems conflicting would do well to clarify it.

Attachments:

  1. tlstest.go (451 bytes)
@rsc
Copy link
Contributor

rsc commented Jun 14, 2011

Comment 1:

Passing to bradfitz for triage, probably agl eventually.

Owner changed to @bradfitz.

Status changed to Accepted.

@bradfitz
Copy link
Contributor

Comment 2:

Labels changed: added pkg-http.

@bradfitz
Copy link
Contributor

Comment 3:

Sorry, just got a chance to look into this.
I can confirm the problem.  It looks like the handshake does happen, but the http
package takes a snapshot of the TLS state from before the HTTP request is read (hence
before the handshake takes place).
I'll move it around and add a test.
Thanks for the great report!

@bradfitz
Copy link
Contributor

Comment 4:

This issue was closed by revision 7e29f1a.

Status changed to Fixed.

@mikioh mikioh changed the title HTTP + TLS Handshaking documentation seems inaccurate net/http: HTTP + TLS Handshaking documentation seems inaccurate Jan 14, 2015
@golang golang locked and limited conversation to collaborators Jun 24, 2016
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bradfitz @rsc @gopherbot