What steps will reproduce the problem?
1. Create a cert chain where A -> B -> C (A signs B signs C)
2. Start an https server which asks for A in its cert request during handshake
3. Create an https client which loads C, then B into its tls.Certificate
4. Connect the client to the server
What is the expected output?
clientHandshake() should present certificate C (the leaf) by identifying that C is
signed by B and B is signed by A, which matches the request.
What do you see instead?
An empty cert is presented.
Which compiler are you using (5g, 6g, 8g, gccgo)?
6g
Which operating system are you using?
Debian wheezy
Which version are you using? (run 'go version')
go version 1.1
Please provide any additional information below.
Assume you have the following chain of trust: A -> B -> C, where A signs B signs
C. During the handshake, the remote end sends a certificate request with A in its
certificateAuthorities. The client side tls.Certificate structure has C and then B (so
that C will be properly identified as the leaf). When clientHandshake() runs, it
discards C as a candidate (since the issuer is B, which is not A) and then also discards
B since it again compares the leaf issuer to A. The result is that an empty certificate
is sent and the handshake fails.
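
The comparison described in this report, as an added example that is not part of the original issue or of the Go source: it builds the A -> B -> C chain in memory and contrasts checking only the leaf's issuer against the requested CA name with checking every certificate in the chain. The helper names `issue`, `issuedBy` and `demo` are hypothetical, and the certificates are constructed test data with validity left unset, since only names are compared.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
)

// issue makes a constructed test cert named cn, signed by parent (self-signed if parent is nil).
func issue(cn string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}}
	if parent == nil {
		parent, pk = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pk)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// issuedBy reports whether cert's issuer name is one of the CA names in the request.
func issuedBy(cert *x509.Certificate, cas [][]byte) bool {
	for _, ca := range cas {
		if bytes.Equal(cert.RawIssuer, ca) {
			return true
		}
	}
	return false
}

// demo builds A -> B -> C and answers a request naming only A: leaf-only vs whole chain.
func demo() (leafOnly, wholeChain bool) {
	a, aKey := issue("A", nil, nil)
	b, bKey := issue("B", a, aKey)
	c, _ := issue("C", b, bKey)
	chain, cas := []*x509.Certificate{c, b}, [][]byte{a.RawSubject}
	for _, cert := range chain { // an intermediate's issuer may be the requested CA
		wholeChain = wholeChain || issuedBy(cert, cas)
	}
	return issuedBy(chain[0], cas), wholeChain // chain[0] is the leaf C
}
func main() { fmt.Println(demo()) }
```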
I think this might be related to https://golang.org/issue/5390,
and may already be fixed.
You should try with tip (http://golang.org/doc/install/source, use "default" branch).
You can build it in ~/go and set up an alias like "gotip" if you want both on your system.
Please file a new issue mentioning this one if you can still reproduce the bug at tip.
And please include a complete program that demonstrates the problem.
by andrew@spacemonkey.com: