    crypto/tls: allow renegotiation to be handled by a client. · af125a51
    Adam Langley authored
    This change adds Config.Renegotiation which controls whether a TLS
    client will accept renegotiation requests from a server. This is used,
    for example, by some web servers that wish to “add” a client certificate
    to an HTTPS connection.
    
    This is disabled by default because it significantly complicates the
    state machine.
    
    Originally, handshakeMutex was taken before locking either Conn.in or
    Conn.out. However, if renegotiation is permitted then a handshake may
    be triggered during a Read() call. If Conn.in were unlocked before
    taking handshakeMutex then a concurrent Read() call could see an
    intermediate state and trigger an error. Thus handshakeMutex is now
    locked after Conn.in and the handshake functions assume that Conn.in is
    locked for the duration of the handshake.
    
    Additionally, handshakeMutex used to protect Conn.out also. With the
    possibility of renegotiation that's no longer viable and so
    writeRecordLocked has been split off.
    
    Fixes #5742.
    
    Change-Id: I935914db1f185d507ff39bba8274c148d756a1c8
    Reviewed-on: https://go-review.googlesource.com/22475
    Run-TryBot: Adam Langley <agl@golang.org>
    TryBot-Result: Gobot Gobot <gobot@golang.org>
    Reviewed-by: Russ Cox <rsc@golang.org>