From 02e69c4b536a46f2aef4aa127092fa167ada296e Mon Sep 17 00:00:00 2001
From: Jonathan Rudenberg
Date: Thu, 16 Apr 2015 14:59:22 -0400
Subject: crypto/tls: add support for Certificate Transparency

This change adds support for serving and receiving Signed Certificate Timestamps as described in RFC 6962.

The server is now capable of serving SCTs listed in the Certificate structure. The client now asks for SCTs and, if any are received, they are exposed in the ConnectionState structure.

Fixes #10201

Change-Id: Ib3adae98cb4f173bc85cec04d2bdd3aa0fec70bb
Reviewed-on: https://go-review.googlesource.com/8988
Reviewed-by: Adam Langley
Run-TryBot: Adam Langley
Reviewed-by: Jonathan Rudenberg
---
 .../testdata/Client-TLSv10-ClientCert-ECDSA-RSA | 57 +++++++++++----------
 1 file changed, 29 insertions(+), 28 deletions(-)

(limited to 'src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA')

diff --git a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA index 84632afbfb..80f576c9c1 100644 --- a/src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA +++ b/src/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA
@@ -1,18 +1,19 @@ >>> Flow 1 (client to server) -00000000 16 03 01 00 79 01 00 00 75 03 03 00 00 00 00 00 |....y...u.......| +00000000 16 03 01 00 7d 01 00 00 79 03 03 00 00 00 00 00 |....}...y.......| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 1e c0 2f |.............../| 00000030 c0 2b c0 30 c0 2c c0 11 c0 07 c0 13 c0 09 c0 14 |.+.0.,..........| -00000040 c0 0a 00 05 00 2f 00 35 c0 12 00 0a 01 00 00 2e |...../.5........| +00000040 c0 0a 00 05 00 2f 00 35 c0 12 00 0a 01 00 00 32 |...../.5.......2| 00000050 00 05 00 05 01 00 00 00 00 00 0a 00 08 00 06 00 |................| 00000060 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0a 00 |................| -00000070 08 04 01 04 03 02 01 02 03 ff 01 00 01 00 |..............| +00000070 08 04 01 04 03 02 01 02 03 ff 01 00 01 00 00 12 |................| +00000080 00 00 |..| >>> Flow 2 (server to client) -00000000 16 03 01 00 51 02 00 00 4d 03 01 8b 2e 89 18 f7 |....Q...M.......| -00000010 c8 0f 16 f0 81 91 e7 88 7c e8 20 a2 de 0e 28 ce |........|. ...(.| -00000020 f3 12 54 68 79 ec b2 05 0b d1 74 20 bc c6 22 fd |..Thy.....t ..".| -00000030 45 00 2c a6 bf 65 38 fd 2f 6e 71 9c b8 14 7a 0a |E.,..e8./nq...z.| -00000040 5b 8e 71 c9 b6 32 99 41 f7 43 91 ad 00 05 00 00 |[.q..2.A.C......| +00000000 16 03 01 00 51 02 00 00 4d 03 01 e1 fc f6 05 2a |....Q...M......*| +00000010 e3 8e 5d 62 22 73 b8 7f 69 11 29 90 26 21 c2 66 |..]b"s..i.).&!.f| +00000020 23 d9 c8 22 c0 08 c2 a6 95 ac 17 20 d6 6d e3 15 |#.."....... .m..| +00000030 e0 e5 65 e3 45 17 e9 45 2f 90 66 81 bc 10 7a 6e |..e.E..E/.f...zn| +00000040 b6 3a 7e db 84 5d 59 53 d2 be 8c f4 00 05 00 00 |.:~..]YS........| 00000050 05 ff 01 00 01 00 16 03 01 02 be 0b 00 02 ba 00 |................| 00000060 02 b7 00 02 b4 30 82 02 b0 30 82 02 19 a0 03 02 |.....0...0......| 00000070 01 02 02 09 00 85 b0 bb a4 8a 7f b8 ca 30 0d 06 |.............0..| 
@@ -101,25 +102,25 @@ 00000260 ce 39 4c 9c 86 00 08 c2 4b e2 c6 ec 2f f7 ce e6 |.9L.....K.../...| 00000270 bd 77 82 6f 23 b6 e0 bd a2 92 b7 3a ac e8 56 f1 |.w.o#......:..V.| 00000280 af 54 5e 46 87 e9 3b 33 e7 b8 28 b7 d6 c8 90 35 |.T^F..;3..(....5| -00000290 d4 1c 43 d1 30 6f 55 4e 0a 70 16 03 01 00 90 0f |..C.0oUN.p......| -000002a0 00 00 8c 00 8a 30 81 87 02 41 59 10 98 e1 27 39 |.....0...AY...'9| -000002b0 62 42 32 98 8d 04 14 6a 95 27 b0 3b 62 46 f3 8e |bB2....j.'.;bF..| -000002c0 5a 86 28 4f 3d a8 49 44 85 d8 8d 02 15 52 72 4f |Z.(O=.ID.....RrO| -000002d0 87 4c 16 73 98 f6 6f 93 bb 9a c3 11 be 7f 35 81 |.L.s..o.......5.| -000002e0 52 9f 17 6e 10 5e 33 ad c9 24 ad 02 42 01 c3 cb |R..n.^3..$..B...| -000002f0 e7 4f a9 c5 b1 5f ab c7 d2 42 92 05 a0 9b ca a6 |.O..._...B......| -00000300 33 ad 5c bd 22 94 c2 f7 d3 b4 3a 25 ae b4 bc c4 |3.\.".....:%....| -00000310 f3 b6 38 8a a2 aa e7 e8 55 d9 8a 32 1f c7 05 a0 |..8.....U..2....| -00000320 55 58 46 aa 78 37 d8 c6 57 bc 9b 2a 31 b4 15 14 |UXF.x7..W..*1...| -00000330 03 01 00 01 01 16 03 01 00 24 fd 98 09 ef 50 d2 |.........$....P.| -00000340 a5 90 9c 55 eb aa 67 33 24 a3 1e db 4b 2e 6b cb |...U..g3$...K.k.| -00000350 b5 17 8b c0 c1 2e a6 c6 49 7d 84 0c d7 96 |........I}....| +00000290 d4 1c 43 d1 30 6f 55 4e 0a 70 16 03 01 00 91 0f |..C.0oUN.p......| +000002a0 00 00 8d 00 8b 30 81 88 02 42 01 31 94 8d 30 cc |.....0...B.1..0.| +000002b0 aa 3c de 14 df db 93 d2 d9 27 e2 d7 95 7e f4 8b |.<.......'...~..| +000002c0 d5 b1 97 3f 2a b8 27 c4 ba 67 89 ea 67 91 ea 6d |...?*.'..g..g..m| +000002d0 6d 62 14 3c 6d b1 b1 56 7c 85 c4 a2 07 92 87 6d |mb.>> Flow 4 (server to client) -00000000 14 03 01 00 01 01 16 03 01 00 24 b3 e4 bb 70 4b |..........$...pK| -00000010 21 71 de 80 27 48 7f 15 60 23 65 a5 3f 94 b3 e7 |!q..'H..`#e.?...| -00000020 91 3a fe 4c 70 60 22 6c 67 ca 85 85 23 f4 83 |.:.Lp`"lg...#..| +00000000 14 03 01 00 01 01 16 03 01 00 24 f3 9c e5 c4 59 |..........$....Y| +00000010 46 e8 1e 97 95 4e 5b 4e e9 38 25 57 5c a5 
23 66 |F....N[N.8%W\.#f| +00000020 4a c6 c7 a1 8b f8 00 dc 44 da 4c 1b d4 42 c3 |J.......D.L..B.| >>> Flow 5 (client to server) -00000000 17 03 01 00 1a d6 19 a3 b8 82 ff dc 69 4f ee 36 |............iO.6| -00000010 2b 95 c8 c0 e6 d8 84 ea e7 d9 40 39 10 ba 33 15 |+.........@9..3.| -00000020 03 01 00 16 85 1b 41 3b e8 71 07 3c 6e 9f b9 e0 |......A;.q.
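Review bot: In the first hunk (`@@ -1,18 +1,19 @@`, Flows 1 and 2), the recording only exercises the request side of the SCT feature, and nothing here covers the receive path. The functional change is the four bytes `00 12 00 00` appended at offsets 0x7e to 0x81 of the ClientHello, an empty extension of type 18 (the RFC 6962 signed_certificate_timestamp request), with the record, handshake and extensions lengths each growing by 4 (`7d`, `79`, `32`). The re-recorded ServerHello still ends with `00 05 00 00 05 ff 01 00 01 00`, that is, only the renegotiation_info extension, so no SCT list comes back in this flow. The code that exposes received SCTs in ConnectionState needs a recording in which the server actually returns one; please say in the commit message which test covers that.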
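Review bot: In the second hunk (`@@ -101,25 +102,25 @@`, Flow 3 from offset 0x290 onward and Flows 4 and 5), every changed byte is re-recording churn rather than a consequence of the SCT change, and the commit message does not say so. The CertificateVerify grows by one byte (`00 90` to `00 91`, `30 81 87 02 41` to `30 81 88 02 42 01`) because the fresh ECDSA signature has a longer first integer, and the Finished and application-data records are simply new ciphertext. Please state in the commit message that this testdata file was regenerated, so a reviewer knows that only the ClientHello bytes in the first hunk need checking by hand.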