• Filippo Valsorda's avatar
    crypto/tls: implement TLS 1.3 client authentication · 106db71f
    Filippo Valsorda authored
    Note that the SignatureSchemes passed to GetClientCertificate in TLS 1.2
    are now filtered by the requested certificate type. This feels like an
    improvement anyway, and the full list can be surfaced as well when
    support for signature_algorithms_cert is added, which actually matches
    the semantics of the CertificateRequest signature_algorithms in TLS 1.2.
    
    Also, note a subtle behavior change in server side resumption: if a
    certificate is requested but not required, and the resumed session did
    not include one, it used not to invoke VerifyPeerCertificate. However,
    if the resumed session did include a certificate, it would. (If a
    certificate was required but not in the session, the session is rejected
    in checkForResumption.) This inconsistency could be unexpected, even
    dangerous, so now VerifyPeerCertificate is always invoked. Still not
    consistent with the client behavior, which does not ever invoke
    VerifyPeerCertificate on resumption, but it felt too surprising to
    entirely change either.
    
    Updates #9671
    
    Change-Id: Ib2b0dbc30e659208dca3ac07d6c687a407d7aaaf
    Reviewed-on: https://go-review.googlesource.com/c/147599Reviewed-by: 's avatarAdam Langley <agl@golang.org>
    106db71f
handshake_messages.go 46.8 KB