authorOndřej Surý <ondrej@sury.org>2011-06-30 15:34:22 +0200
committerOndřej Surý <ondrej@sury.org>2011-06-30 15:34:22 +0200
commitd39f5aa373a4422f7a5f3ee764fb0f6b0b719d61 (patch)
tree1833f8b72a4b3a8f00d0d143b079a8fcad01c6ae /src/pkg/crypto/tls
parent8652e6c371b8905498d3d314491d36c58d5f68d5 (diff)
Imported Upstream version 58upstream/58
Diffstat (limited to 'src/pkg/crypto/tls')
-rw-r--r--src/pkg/crypto/tls/common.go4
-rw-r--r--src/pkg/crypto/tls/conn.go7
-rw-r--r--src/pkg/crypto/tls/generate_cert.go2
-rw-r--r--src/pkg/crypto/tls/handshake_server.go4
-rw-r--r--src/pkg/crypto/tls/key_agreement.go8
-rw-r--r--src/pkg/crypto/tls/tls.go2
6 files changed, 15 insertions, 12 deletions
diff --git a/src/pkg/crypto/tls/common.go b/src/pkg/crypto/tls/common.go
index 204d25531..3efac9c13 100644
--- a/src/pkg/crypto/tls/common.go
+++ b/src/pkg/crypto/tls/common.go
@@ -87,7 +87,7 @@ const (
certTypeRSASign = 1 // A certificate containing an RSA key
certTypeDSSSign = 2 // A certificate containing a DSA key
certTypeRSAFixedDH = 3 // A certificate containing a static DH key
- certTypeDSSFixedDH = 4 // A certficiate containing a static DH key
+ certTypeDSSFixedDH = 4 // A certificate containing a static DH key
// Rest of these are reserved by the TLS spec
)
@@ -100,6 +100,8 @@ type ConnectionState struct {
// the certificate chain that was presented by the other side
PeerCertificates []*x509.Certificate
+ // the verified certificate chains built from PeerCertificates.
+ VerifiedChains [][]*x509.Certificate
}
// A Config structure is used to configure a TLS client or server. After one
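Review bot: The new VerifiedChains field on ConnectionState needs its comment to say what a nil or empty value means, because a consumer that wants a verified peer identity has to know whether "empty" means this side never verified the peer or that no chain could be built. The conn.go part of this commit describes verifiedChains as the chains this side built, as opposed to the ones presented by the peer, so PeerCertificates on its own is not evidence that verification happened. Suggested comment: `// the certificate chains this side built and verified from PeerCertificates; nil when no verification was performed, so callers needing a verified peer identity should consult this rather than PeerCertificates.` Whether the server side fills it in after client-certificate verification, or whether it is only set on the client, is not visible in this hunk and should be confirmed before the comment states it.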
diff --git a/src/pkg/crypto/tls/conn.go b/src/pkg/crypto/tls/conn.go
index 63d56310c..097e182bd 100644
--- a/src/pkg/crypto/tls/conn.go
+++ b/src/pkg/crypto/tls/conn.go
@@ -34,7 +34,7 @@ type Conn struct {
cipherSuite uint16
ocspResponse []byte // stapled OCSP response
peerCertificates []*x509.Certificate
- // verifedChains contains the certificate chains that we built, as
+ // verifiedChains contains the certificate chains that we built, as
// opposed to the ones presented by the server.
verifiedChains [][]*x509.Certificate
@@ -237,7 +237,7 @@ func (hc *halfConn) decrypt(b *block) (bool, alert) {
// "Password Interception in a SSL/TLS Channel", Brice
// Canvel et al.
//
- // However, our behaviour matches OpenSSL, so we leak
+ // However, our behavior matches OpenSSL, so we leak
// only as much as they do.
default:
panic("unknown cipher type")
@@ -410,7 +410,7 @@ func (hc *halfConn) freeBlock(b *block) {
// splitBlock splits a block after the first n bytes,
// returning a block with those n bytes and a
-// block with the remaindec. the latter may be nil.
+// block with the remainder. the latter may be nil.
func (hc *halfConn) splitBlock(b *block, n int) (*block, *block) {
if len(b.data) <= n {
return b, nil
@@ -768,6 +768,7 @@ func (c *Conn) ConnectionState() ConnectionState {
state.NegotiatedProtocolIsMutual = !c.clientProtocolFallback
state.CipherSuite = c.cipherSuite
state.PeerCertificates = c.peerCertificates
+ state.VerifiedChains = c.verifiedChains
}
return state
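Review bot: `state.VerifiedChains = c.verifiedChains` hands the caller the connection's own slice of slices rather than a copy, so a caller that appends to or reorders a chain in the returned ConnectionState mutates what the connection holds. That matches how PeerCertificates is already exposed on the line above, so it is presumably the accepted convention, but the ConnectionState doc comment (outside this hunk) should say so, e.g. `// PeerCertificates and VerifiedChains alias the connection's internal slices and must be treated as read-only.` ConnectionState's body begins before this hunk and the assignment sits inside a conditional block whose condition is not shown, so which handshake states populate the field is not visible here.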
diff --git a/src/pkg/crypto/tls/generate_cert.go b/src/pkg/crypto/tls/generate_cert.go
index 5b8c700e5..f46188879 100644
--- a/src/pkg/crypto/tls/generate_cert.go
+++ b/src/pkg/crypto/tls/generate_cert.go
@@ -59,7 +59,7 @@ func main() {
certOut.Close()
log.Print("written cert.pem\n")
- keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREAT|os.O_TRUNC, 0600)
+ keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
log.Print("failed to open key.pem for writing:", err)
return
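Review bot: The 0600 mode on the `os.OpenFile("key.pem", ...)` line only applies when the file is created; with O_TRUNC an existing key.pem keeps whatever mode it already has, so a private key can be written into a world-readable file left over from an earlier run or created by another tool. Either refuse to overwrite by using `os.O_EXCL` in place of `os.O_TRUNC`, or enforce the mode after opening with `keyOut.Chmod(0600)` and check its error. The O_CREAT→O_CREATE edit itself is only the constant rename. main continues outside the hunk, so whether the key write and Close are error-checked is not visible here.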
diff --git a/src/pkg/crypto/tls/handshake_server.go b/src/pkg/crypto/tls/handshake_server.go
index 37c8d154a..e9431c6fa 100644
--- a/src/pkg/crypto/tls/handshake_server.go
+++ b/src/pkg/crypto/tls/handshake_server.go
@@ -209,10 +209,10 @@ FindCipherSuite:
// If we received a client cert in response to our certificate request message,
// the client will send us a certificateVerifyMsg immediately after the
- // clientKeyExchangeMsg. This message is a MD5SHA1 digest of all preceeding
+ // clientKeyExchangeMsg. This message is a MD5SHA1 digest of all preceding
// handshake-layer messages that is signed using the private key corresponding
// to the client's certificate. This allows us to verify that the client is in
- // posession of the private key of the certificate.
+ // possession of the private key of the certificate.
if len(c.peerCertificates) > 0 {
msg, err = c.readHandshake()
if err != nil {
diff --git a/src/pkg/crypto/tls/key_agreement.go b/src/pkg/crypto/tls/key_agreement.go
index 8edbb1190..84f90c45a 100644
--- a/src/pkg/crypto/tls/key_agreement.go
+++ b/src/pkg/crypto/tls/key_agreement.go
@@ -236,12 +236,12 @@ func (ka *ecdheRSAKeyAgreement) generateClientKeyExchange(config *Config, client
xBytes := x.Bytes()
copy(preMasterSecret[len(preMasterSecret)-len(xBytes):], xBytes)
- serialised := ka.curve.Marshal(mx, my)
+ serialized := ka.curve.Marshal(mx, my)
ckx := new(clientKeyExchangeMsg)
- ckx.ciphertext = make([]byte, 1+len(serialised))
- ckx.ciphertext[0] = byte(len(serialised))
- copy(ckx.ciphertext[1:], serialised)
+ ckx.ciphertext = make([]byte, 1+len(serialized))
+ ckx.ciphertext[0] = byte(len(serialized))
+ copy(ckx.ciphertext[1:], serialized)
return preMasterSecret, ckx, nil
}
diff --git a/src/pkg/crypto/tls/tls.go b/src/pkg/crypto/tls/tls.go
index 7d0bb9f34..9e5c9270a 100644
--- a/src/pkg/crypto/tls/tls.go
+++ b/src/pkg/crypto/tls/tls.go
@@ -159,7 +159,7 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err os.Err
key, err := x509.ParsePKCS1PrivateKey(keyDERBlock.Bytes)
if err != nil {
- err = os.ErrorString("crypto/tls: failed to parse key")
+ err = os.ErrorString("crypto/tls: failed to parse key: " + err.String())
return
}