crypto/tls: client handshake regression #3339
Labels
Milestone
Comments
|
Comment 2 by graham@gkgk.org: Yes, I mean r60 (9516:c1702f36df03). It works up to and including 11105:8be74fb194f3, then does not work from 11106:d620ce23ebe4 up to tip (12748:c8614af8523a). |
|
Comment 3 by graham@gkgk.org: Yes, specifically I mean release.r60.3 (9516:c1702f36df03). It works up to and including 11105:8be74fb194f3, then does not work from 11106:d620ce23ebe4 up to tip (12748:c8614af8523a). |
Adding Adam. Graham, if you'd like us to use your patch, have you submitted a CLA? See the copyright section here: http://weekly.golang.org/doc/contribute.html#copyright |
|
Comment 5 by graham@gkgk.org: I have submitted a CLA. As for using the patch, I think it needs someone with TLS knowledge to look at it. |
certToSend may be nil in either of two cases: when the server doesn't send a certificate request message at all or when we have no matching certificates to send. The patch is only correct for the second case. This is a valid bug though since we're not following the RFC here. Section 7.4.6 of RFC 4346 states that we must send a certificate message with an empty certificate_list if the server requests a client certificate but we have none to give. Status changed to Accepted. |
|
Comment 8 by graham@gkgk.org: Could you use openssl s_client instead? It prints a full hex dump:
openssl s_client -tls1 -debug -connect irc.freenode.net:6697
|
http://golang.org/cl/5845067 The testing could probably do with an overhaul, probably by generating the traces using a special net.Conn. But that's not something to do prior to Go 1. I'm happy just to fix this given that the change is small. Owner changed to @agl. |
|
This issue was closed by revision aa1d417. Status changed to Fixed. |
|
Comment 11 by graham@gkgk.org: I confirm the fix works for me. Thanks a lot! |
FiloSottile
pushed a commit
to FiloSottile/go
that referenced
this issue
Oct 12, 2018
If a CertificateRequest is received we have to reply with a Certificate message, even if we don't have a certificate to offer. Fixes golang#3339. R=golang-dev, r, ality CC=golang-dev https://golang.org/cl/5845067
This issue was closed.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
by graham@gkgk.org:
## What steps will reproduce the problem? 1. _, err := tls.Dial("tcp", "irc.freenode.net:6697", nil); 2. fmt.Println(err); ## What is the expected output? nil ## What do you see instead? remote error: unexpected message ## Which compiler are you using (5g, 6g, 8g, gccgo)? "go run" ## Which operating system are you using? Linux x86, Ubuntu ## Which revision are you using? (hg identify) c8614af8523a tip ## Please provide any additional information below. In "release" version, this worked. In latest weekly and tip it doesn't. The problem appeared in 11106:d620ce23ebe4, in handshake_client.go The attached diff gets it working, as does presenting a client cert. The problem may be that a "recordTypeHandshake" is not getting written if a client cert is not presented. Thread in golang-nuts: https://groups.google.com/forum/?fromgroups#!topic/golang-nuts/04va6nnOp8IAttachments:
The text was updated successfully, but these errors were encountered: