diff options
| author | Dmitri Shuralyov <dmitshur@golang.org> | 2020-12-01 17:16:25 -0500 |
|---|---|---|
| committer | Dmitri Shuralyov <dmitshur@golang.org> | 2020-12-01 17:16:25 -0500 |
| commit | dea96ada1742b45e383dcbb0c2ab4cd0d3fc92a8 (patch) | |
| tree | da91a839ce50403efbadafa53c48c303ee394084 /src/crypto/tls/handshake_client.go | |
| parent | 906d6e362b99f1c5322e44c552246e60a1ede717 (diff) | |
| parent | 5e181357c7dd5cde11b28b2db0b4fb02159ddacf (diff) | |
| download | go-dea96ada1742b45e383dcbb0c2ab4cd0d3fc92a8.tar.xz | |
[dev.boringcrypto] all: merge master into dev.boringcrypto
Change-Id: I31c69e54c904c66c10920e4c4caacfef08bb834f
Diffstat (limited to 'src/crypto/tls/handshake_client.go')
| -rw-r--r-- | src/crypto/tls/handshake_client.go | 33 |
1 files changed, 15 insertions, 18 deletions
diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go index 6d32a72fd3..ac19961d3c 100644 --- a/src/crypto/tls/handshake_client.go +++ b/src/crypto/tls/handshake_client.go @@ -708,18 +708,18 @@ func (hs *clientHandshakeState) processServerHello() (bool, error) { } } - clientDidALPN := len(hs.hello.alpnProtocols) > 0 - serverHasALPN := len(hs.serverHello.alpnProtocol) > 0 - - if !clientDidALPN && serverHasALPN { - c.sendAlert(alertHandshakeFailure) - return false, errors.New("tls: server advertised unrequested ALPN extension") - } - - if serverHasALPN { + if hs.serverHello.alpnProtocol != "" { + if len(hs.hello.alpnProtocols) == 0 { + c.sendAlert(alertUnsupportedExtension) + return false, errors.New("tls: server advertised unrequested ALPN extension") + } + if mutualProtocol([]string{hs.serverHello.alpnProtocol}, hs.hello.alpnProtocols) == "" { + c.sendAlert(alertUnsupportedExtension) + return false, errors.New("tls: server selected unadvertised ALPN protocol") + } c.clientProtocol = hs.serverHello.alpnProtocol - c.clientProtocolFallback = false } + c.scts = hs.serverHello.scts if !hs.serverResumedSession() { @@ -978,20 +978,17 @@ func clientSessionCacheKey(serverAddr net.Addr, config *Config) string { return serverAddr.String() } -// mutualProtocol finds the mutual Next Protocol Negotiation or ALPN protocol -// given list of possible protocols and a list of the preference order. The -// first list must not be empty. It returns the resulting protocol and flag -// indicating if the fallback case was reached. -func mutualProtocol(protos, preferenceProtos []string) (string, bool) { +// mutualProtocol finds the mutual ALPN protocol given list of possible +// protocols and a list of the preference order. +func mutualProtocol(protos, preferenceProtos []string) string { for _, s := range preferenceProtos { for _, c := range protos { if s == c { - return s, false + return s } } } - - return protos[0], true + return "" } // hostnameInSNI converts name into an appropriate hostname for SNI. |