    crypto/tls: allow renegotiation to be handled by a client. · af125a51
    Adam Langley authored
    This change adds Config.Renegotiation which controls whether a TLS
    client will accept renegotiation requests from a server. This is used,
    for example, by some web servers that wish to “add” a client certificate
    to an HTTPS connection.
    
    This is disabled by default because it significantly complicates the
    state machine.
    
    Originally, handshakeMutex was taken before locking either Conn.in or
    Conn.out. However, if renegotiation is permitted then a handshake may
    be triggered during a Read() call. If Conn.in were unlocked before
    taking handshakeMutex then a concurrent Read() call could see an
    intermediate state and trigger an error. Thus handshakeMutex is now
    locked after Conn.in and the handshake functions assume that Conn.in is
    locked for the duration of the handshake.
    
    Additionally, handshakeMutex used to protect Conn.out also. With the
    possibility of renegotiation that's no longer viable and so
    writeRecordLocked has been split off.
    
    Fixes #5742.
    
    Change-Id: I935914db1f185d507ff39bba8274c148d756a1c8
    Reviewed-on: https://go-review.googlesource.com/22475
    Run-TryBot: Adam Langley <agl@golang.org>
    TryBot-Result: Gobot Gobot <gobot@golang.org>
    Reviewed-by: Russ Cox <rsc@golang.org>
Name
Client-TLSv10-ClientCert-ECDSA-ECDSA
Client-TLSv10-ClientCert-ECDSA-RSA
Client-TLSv10-ClientCert-RSA-ECDSA
Client-TLSv10-ClientCert-RSA-RSA
Client-TLSv10-ECDHE-ECDSA-AES
Client-TLSv10-ECDHE-RSA-AES
Client-TLSv10-RSA-RC4
Client-TLSv11-ECDHE-ECDSA-AES
Client-TLSv11-ECDHE-RSA-AES
Client-TLSv11-RSA-RC4
Client-TLSv12-AES128-GCM-SHA256
Client-TLSv12-AES256-GCM-SHA384
Client-TLSv12-ALPN
Client-TLSv12-ALPN-NoMatch
Client-TLSv12-ClientCert-ECDSA-ECDSA
Client-TLSv12-ClientCert-ECDSA-RSA
Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384
Client-TLSv12-ClientCert-RSA-ECDSA
Client-TLSv12-ClientCert-RSA-RSA
Client-TLSv12-ECDHE-ECDSA-AES
Client-TLSv12-ECDHE-ECDSA-AES-GCM
Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384
Client-TLSv12-ECDHE-RSA-AES
Client-TLSv12-RSA-RC4
Client-TLSv12-RenegotiateOnce
Client-TLSv12-RenegotiateTwice
Client-TLSv12-RenegotiateTwiceRejected
Client-TLSv12-RenegotiationRejected
Client-TLSv12-SCT
Server-SSLv3-RSA-3DES
Server-SSLv3-RSA-AES
Server-SSLv3-RSA-RC4
Server-TLSv10-ECDHE-ECDSA-AES
Server-TLSv10-RSA-3DES
Server-TLSv10-RSA-AES
Server-TLSv10-RSA-RC4
Server-TLSv11-FallbackSCSV
Server-TLSv11-RSA-RC4
Server-TLSv12-ALPN
Server-TLSv12-ALPN-NoMatch
Server-TLSv12-CipherSuiteCertPreferenceECDSA
Server-TLSv12-CipherSuiteCertPreferenceRSA
Server-TLSv12-ClientAuthRequestedAndECDSAGiven
Server-TLSv12-ClientAuthRequestedAndGiven
Server-TLSv12-ClientAuthRequestedNotGiven
Server-TLSv12-ECDHE-ECDSA-AES
Server-TLSv12-IssueTicket
Server-TLSv12-IssueTicketPreDisable
Server-TLSv12-RSA-3DES
Server-TLSv12-RSA-AES
Server-TLSv12-RSA-AES-GCM
Server-TLSv12-RSA-AES256-GCM-SHA384
Server-TLSv12-RSA-RC4
Server-TLSv12-Resume
Server-TLSv12-ResumeDisabled
Server-TLSv12-SNI
Server-TLSv12-SNI-GetCertificate
Server-TLSv12-SNI-GetCertificateNotFound