Diffstat (limited to 'src/pkg/crypto/tls/handshake_server.go')
-rw-r--r--src/pkg/crypto/tls/handshake_server.go29
1 files changed, 15 insertions, 14 deletions
diff --git a/src/pkg/crypto/tls/handshake_server.go b/src/pkg/crypto/tls/handshake_server.go
index 77e56a754..76adc540c 100644
--- a/src/pkg/crypto/tls/handshake_server.go
+++ b/src/pkg/crypto/tls/handshake_server.go
@@ -112,37 +112,38 @@ FindCipherSuite:
hello.nextProtoNeg = true
hello.nextProtos = config.NextProtos
}
- if clientHello.ocspStapling && len(config.Certificates[0].OCSPStaple) > 0 {
- hello.ocspStapling = true
- }
-
- finishedHash.Write(hello.marshal())
- c.writeRecord(recordTypeHandshake, hello.marshal())
if len(config.Certificates) == 0 {
return c.sendAlert(alertInternalError)
}
-
- certMsg := new(certificateMsg)
+ cert := &config.Certificates[0]
if len(clientHello.serverName) > 0 {
c.serverName = clientHello.serverName
- certMsg.certificates = config.getCertificateForName(clientHello.serverName).Certificate
- } else {
- certMsg.certificates = config.Certificates[0].Certificate
+ cert = config.getCertificateForName(clientHello.serverName)
}
+
+ if clientHello.ocspStapling && len(cert.OCSPStaple) > 0 {
+ hello.ocspStapling = true
+ }
+
+ finishedHash.Write(hello.marshal())
+ c.writeRecord(recordTypeHandshake, hello.marshal())
+
+ certMsg := new(certificateMsg)
+ certMsg.certificates = cert.Certificate
finishedHash.Write(certMsg.marshal())
c.writeRecord(recordTypeHandshake, certMsg.marshal())
if hello.ocspStapling {
certStatus := new(certificateStatusMsg)
certStatus.statusType = statusTypeOCSP
- certStatus.response = config.Certificates[0].OCSPStaple
+ certStatus.response = cert.OCSPStaple
finishedHash.Write(certStatus.marshal())
c.writeRecord(recordTypeHandshake, certStatus.marshal())
}
keyAgreement := suite.ka()
- skx, err := keyAgreement.generateServerKeyExchange(config, clientHello, hello)
+ skx, err := keyAgreement.generateServerKeyExchange(config, cert, clientHello, hello)
if err != nil {
c.sendAlert(alertHandshakeFailure)
return err
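Review bot: `cert` is dereferenced at `len(cert.OCSPStaple)` and `cert.Certificate` with no nil check after `cert = config.getCertificateForName(clientHello.serverName)`, and that helper's body is not visible in this hunk. If it can return nil for a name that matches no certificate, a client-chosen server name would panic the handshake, so either guard with `if cert == nil { return c.sendAlert(alertInternalError) }` or state the helper's non-nil fallback in a comment at the assignment. A comment on the `cert := &config.Certificates[0]` line, such as `// cert is the single certificate used for the chain, the OCSP staple and the key exchange below`, would also help keep later edits from reintroducing a mismatch between the certificate sent and the key used; the same variable is passed to `processClientKeyExchange` in the second hunk. The enclosing function starts and ends outside the hunk.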
@@ -288,7 +289,7 @@ FindCipherSuite:
finishedHash.Write(certVerify.marshal())
}
- preMasterSecret, err := keyAgreement.processClientKeyExchange(config, ckx, c.vers)
+ preMasterSecret, err := keyAgreement.processClientKeyExchange(config, cert, ckx, c.vers)
if err != nil {
c.sendAlert(alertHandshakeFailure)
return err