Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: client not always able to connect when using NPN #4088

Closed
gopherbot opened this issue Sep 16, 2012 · 3 comments
Closed

crypto/tls: client not always able to connect when using NPN #4088

gopherbot opened this issue Sep 16, 2012 · 3 comments
Labels
FrozenDueToAge
Milestone
Go1.1

Comments

@gopherbot
Copy link

by tfh@skip.org:

The crypto/tls client is unable to make connections when:

- NPN is being used, and
- NPN is not the last extension received in the ServerHello message.

During umarshalling of ServerHello messages (in  crypto/tls/handshake_messages.go), too
many bytes are read while unmarshalling NPN extensions. It reads upto the end of the
ServerHello, instead of the end of the extension; so any extensions after NPN are
accidentally interpreted as part of the NPN extension instead.

What steps will reproduce the problem?
1. Run the attached test.go. It will attempt two connections to https://skip.org:4443 ,
which has reordered ServerHello extensions to show the problem (NPN is not the last
extension, ServerName and others come after NPN).

What is the expected output?
The two connections should succeed.

What do you see instead?
The connection using NPN fails.

I have attached a patch which fixes the problem.


Tom

Attachments:

  1. test.go (736 bytes)
  2. npn-unmarsal.patch (410 bytes)
@rsc
Copy link
Contributor

rsc commented Sep 17, 2012

Comment 1:

Labels changed: added priority-later, removed priority-triage.

Status changed to Accepted.

@rsc
Copy link
Contributor

rsc commented Oct 6, 2012

Comment 2:

Labels changed: added go1.1.

@agl
Copy link
Contributor

agl commented Oct 9, 2012

Comment 3:

This issue was closed by revision 7e90f7b.

Status changed to Fixed.

@rsc rsc added this to the Go1.1 milestone Apr 14, 2015
@rsc rsc removed the go1.1 label Apr 14, 2015
@golang golang locked and limited conversation to collaborators Jun 24, 2016
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
@agl
crypto/tls: fix NPN extension parsing.
cf463f4 
I typoed the code and tried to parse all the way to the end of the
message. Therefore it fails when NPN is not the last extension in the
ServerHello.

Fixes golang#4088.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/6637052
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Go1.1
Development

No branches or pull requests
3 participants
@agl @rsc @gopherbot