crypto/tls: missing alert values #35911

Closed
aviddiviner opened this issue Nov 30, 2019 · 3 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
@aviddiviner

In RFC 6066 there are 4 new error alerts that are defined, which are missing from crypto/tls alert.go.

They are:

certificate unobtainable (111)
unrecognized name (112)
bad certificate status response (113)
bad certificate hash value (114)

They should be added as constants in crypto/tls.

What version of Go are you using (go version)?

$ go version
go version go1.13.4 darwin/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/me/Library/Caches/go-build"
GOENV="/Users/me/Library/Application Support/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/me/dev/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/Cellar/go/1.13.4/libexec"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/Cellar/go/1.13.4/libexec/pkg/tool/darwin_amd64"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -gno-record-gcc-switches -fno-common"

What did you do?

package main

import (
	"crypto/tls"
	"fmt"
	"net"
)

func main() {
	host := "showtimego.com"
	addr := net.JoinHostPort(host, "443")

	dialer := &net.Dialer{}
	config := &tls.Config{ServerName: host}

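	// Check the dial error so a failed connection does not lead to a nil dereference.
	conn, err := dialer.Dial("tcp", addr)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer conn.Close()
	client := tls.Client(conn, config)
	defer client.Close()

	err = client.Handshake()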
	fmt.Println(err) // remote error: tls: alert(112)
}

What did you expect to see?

remote error: tls: unrecognized name

What did you see instead?

remote error: tls: alert(112)

@tmthrgd
Contributor

tmthrgd commented Nov 30, 2019

unrecognized_name was added to tip for #18377. The others have not been, but I think that may have been intentional.

@FiloSottile FiloSottile changed the title crypto/tls: Missing alert values (RFC 6066) crypto/tls: missing alert values Dec 1, 2019
@FiloSottile FiloSottile added the NeedsFix The path to resolution is known, but the work has not been done. label Dec 1, 2019
@FiloSottile FiloSottile added this to the Go1.15 milestone Dec 1, 2019
@FiloSottile
Contributor

Yeah, even if we don't send them (because we send all the wrong alerts all the time), we should be able to print their description when we get them.

The full IANA registry is here: https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
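
An added example, not part of the thread and not the crypto/tls implementation: a stand-alone decoder for a plaintext TLS alert record that prints the RFC 6066 descriptions listed in this issue and falls back to the `alert(N)` form for codes it does not know. The names `alertText`, `recordTypeAlert` and `describeAlert`, the partial code table and the sample record are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Alert descriptions from the IANA TLS Alert registry; 111-114 are the
// RFC 6066 values named in this issue. The table is a constructed subset.
const recordTypeAlert = 21 // TLS record content type for alerts
var alertText = map[uint8]string{
	0:   "close notify",
	40:  "handshake failure",
	111: "certificate unobtainable",
	112: "unrecognized name",
	113: "bad certificate status response",
	114: "bad certificate hash value",
}

// describeAlert parses one plaintext alert record laid out as
// type, version[2], length[2], level, description (hypothetical helper).
func describeAlert(rec []byte) (string, error) {
	if len(rec) < 5 {
		return "", errors.New("short record header")
	}
	if rec[0] != recordTypeAlert {
		return "", fmt.Errorf("not an alert record: type %d", rec[0])
	}
	n := int(rec[3])<<8 | int(rec[4])
	if n != 2 || len(rec) != 5+n {
		return "", errors.New("malformed alert length")
	}
	level, desc := rec[5], rec[6]
	if level != 1 && level != 2 { // 1 = warning, 2 = fatal
		return "", fmt.Errorf("invalid alert level %d", level)
	}
	text, ok := alertText[desc]
	if !ok {
		text = fmt.Sprintf("alert(%d)", desc) // unknown code: keep the number
	}
	return "remote error: tls: " + text, nil
}

func main() {
	// Constructed sample: fatal (2) unrecognized_name (112) in a TLS 1.2 record.
	rec := []byte{21, 0x03, 0x03, 0x00, 0x02, 2, 112}
	fmt.Println(describeAlert(rec))
}
```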

@gopherbot

Change https://golang.org/cl/226858 mentions this issue: crypto/tls: add missing alert values

@golang golang locked and limited conversation to collaborators Apr 1, 2021