Cypherpunks repositories - gostls13.git/commit

author	Daniel McCarney <daniel@binaryparadox.net>
	Wed, 26 Feb 2025 19:13:15 +0000 (14:13 -0500)
committer	Daniel McCarney <daniel@binaryparadox.net>
	Mon, 10 Mar 2025 21:20:33 +0000 (14:20 -0700)
commit	4635ad047a426f43a4b70cd11ce52b062d0da34f
tree	72e4d4633608f85c28cfb4b1e7fda38df4069bc6	tree
parent	5b4209fedb10086e845cabdb02d2990a6090841b	commit \| diff

crypto/tls: align cert decode alert w/ BSSL

For malformed client/server certificates in a TLS handshake send
a decode_error alert, matching BoringSSL behaviour.

Previously crypto/tls used a bad_certificate alert for this purpose.
The TLS specification is imprecise enough to allow this to be considered
a spec. justified choice, but since all other places in the protocol
encourage using decode_error for structurally malformed messages we may
as well do the same here and get some extra cross-impl consistency for
free.

This also allows un-ignoring the BoGo
GarbageCertificate-[Client|Server]-[TLS12|TLS13] tests.

Updates #72006

Change-Id: Ide45ba1602816e71c3289a60e77587266c3b9036
Reviewed-on: https://go-review.googlesource.com/c/go/+/652995
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>

src/crypto/tls/bogo_config.json		diff \| blob \| history
src/crypto/tls/handshake_client.go		diff \| blob \| history
src/crypto/tls/handshake_server.go		diff \| blob \| history