net/http: newConn() copies the tls.ConnectionState before TLS handshake is completed #2081
Comment 2 by crest@tzi.de: :-!

Owner changed to @bradfitz.
Assigning to Adam. I'm not sure I understand why this is necessary. The TLS peer state changes throughout the connection?

Owner changed to @agl.
Works for me. See the test program that I used, attached. I had to delete the cipher suites restriction because my curl can't do ECDHE.

```
$ curl -E both.pem -k https://127.0.0.1:10443/
```

results in this being printed:

```
&tls.ConnectionState{HandshakeComplete:true, CipherSuite:0x2f, NegotiatedProtocol:"", NegotiatedProtocolIsMutual:true, PeerCertificates:[]*x509.Certificate{(*x509.Certificate)(0xf84010e900)}, VerifiedChains:[][]*x509.Certificate{}}
```

The peer certificate is in there. However, note that client-side auth doesn't currently verify against RootCAs. Any certificate chain will be included in PeerCertificates.

Status changed to WorkingAsIntended.
mikioh changed the title from "http.newConn() copies the tls.ConnectionState before TLS handshake is completed" to "net/http: newConn() copies the tls.ConnectionState before TLS handshake is completed" on Jan 14, 2015
This issue was closed.
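Added example (not part of the thread or of the Go project's code): a test server that shows a handler seeing `PeerCertificates` populated while `VerifiedChains` is empty, the state printed in the last comment, and the same request once the server verifies the chain. It uses the current `crypto/tls` fields `ClientAuth` and `ClientCAs`, which the thread does not mention; `observe` and the `example-client` certificate are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// observe sends one request with a throwaway self-signed client certificate and returns what r.TLS held.
func observe(verify, trusted bool) (complete bool, peers, chains int) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-client"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool() // empty unless the client certificate is trusted
	if trusted {
		pool.AddCert(leaf)
	}
	mode := tls.RequestClientCert // ask for a certificate, accept whatever arrives
	if verify {
		mode = tls.RequireAndVerifyClientCert // chain must verify against ClientCAs
	}
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		complete, peers, chains = r.TLS.HandshakeComplete, len(r.TLS.PeerCertificates), len(r.TLS.VerifiedChains)
	}))
	srv.TLS = &tls.Config{ClientAuth: mode, ClientCAs: pool}
	srv.StartTLS()
	defer srv.Close()
	tr := srv.Client().Transport.(*http.Transport) // already trusts the test server
	tr.TLSClientConfig.Certificates = []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}
	if resp, err := srv.Client().Get(srv.URL); err == nil {
		resp.Body.Close()
	}
	return
}

func main() {
	fmt.Println(observe(false, false)) // true 1 0: certificate present, nothing verified
	fmt.Println(observe(true, true))   // true 1 1: chain verified against ClientCAs
}
```

A handler that authorizes on client identity should read the certificate from `VerifiedChains`, since `PeerCertificates` alone only shows what the client sent.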
by crest@tzi.de: