crypto/tls: empty server_name conf. ext. from server - go - Fork of Go programming language with my patches.

diff options

author	Daniel McCarney <daniel@binaryparadox.net>	2025-06-28 14:29:48 -0400
committer	Gopher Robot <gobot@golang.org>	2025-07-09 08:28:24 -0700
commit	67c1704444ba9661699a80d0ea0a2df20b4107e2 (patch)
tree	b231ac003b4a43496ba02d32d0cfb85dd96af3b0 /src/testing/synctest/example_test.go
parent	54c9d776302d53ab1907645cb67fa4a948e1500c (diff)
download	go-67c1704444ba9661699a80d0ea0a2df20b4107e2.tar.xz

crypto/tls: empty server_name conf. ext. from server

When a TLS server uses the information from the server_name extension in a client hello, and the connection isn't resuming, it should return an empty server_name extension in its server hello (or encrypted extensions for TLS 1.3). For TLS <1.3 we we do this in doFullHandshake(), by setting the pre-existing serverHelloMsg.serverNameAck bool. We know that the connection isn't resuming based on the context where this function is called. For TLS 1.3, a new encryptedExtensionsMsg.serverNameAck bool is added, and populated as appropriate in sendServerParameters() based on whether the conn was resumed or not. The encryptedExtensionsMsg marshalling is updated to emit the encrypted extension based on that field. These changes allow enabling the ServerNameExtensionServer-* bogo tests that verify both the presence and absence of the server_name extension based on the relevant specifications. Resolves #74282 Updates #72006 Change-Id: I703bc2ec916b50906bdece7b7483a7faed7aa8e4 Reviewed-on: https://go-review.googlesource.com/c/go/+/684795 TryBot-Bypass: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Carlos Amedee <carlos@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>

Diffstat (limited to 'src/testing/synctest/example_test.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: