Cypherpunks repositories - gostls13.git/commit
crypto/tls, net/http: reject HTTP requests to HTTPS server
author    Brad Fitzpatrick <bradfitz@golang.org>  Thu, 15 Mar 2018 05:21:44 +0000 (08:21 +0300)
committer Brad Fitzpatrick <bradfitz@golang.org>  Wed, 24 Oct 2018 22:49:50 +0000 (22:49 +0000)
commit    c942191c203c096637e1e8d27dfccc4968ce5436
tree      d394041304ffd064f80becc50926ab64ad1e6c7f
parent    0e40889796a1dc9e2393bf4d66997da68692e970
crypto/tls, net/http: reject HTTP requests to HTTPS server

This adds a crypto/tls.RecordHeaderError.Conn field containing the TLS
underlying net.Conn for non-TLS handshake errors, and then uses it in
the net/http Server to return plaintext HTTP 400 errors when a client
mistakenly sends a plaintext HTTP request to an HTTPS server. This is the
same behavior as Apache.

Also in crypto/tls: swap two error paths to not use a value before
it's valid, and don't send an alert record when a handshake contains a
bogus TLS record (a TLS record in response won't help a non-TLS
client).

Fixes #23689

Change-Id: Ife774b1e3886beb66f25ae4587c62123ccefe847
Reviewed-on: https://go-review.googlesource.com/c/143177
Reviewed-by: Filippo Valsorda <filippo@golang.org>
src/crypto/tls/conn.go
src/net/http/serve_test.go
src/net/http/server.go
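As an added example (not code from this commit or from the Go tree), the following Go program shows the server-side check the commit message describes: run a TLS handshake, and when it fails with a tls.RecordHeaderError whose Conn field is set and whose saved five header bytes spell an HTTP request line, answer with a plaintext 400 on the raw net.Conn instead of a TLS alert. The method prefixes, the reply text and the in-memory net.Pipe client are assumptions constructed for this example.

```go
package main

import (
	"crypto/tls"
	"errors"
	"io"
	"net"
)

// Plaintext answer written on the raw socket when the "TLS record" is really
// an HTTP request line (response text constructed for this example).
const plaintextReply = "HTTP/1.0 400 Bad Request\r\n\r\nClient sent an HTTP request to an HTTPS server.\n"

// A real TLS record starts with a content-type byte (0x14..0x17), never ASCII.
func looksLikeHTTP(hdr [5]byte) bool {
	switch string(hdr[:]) {
	case "GET /", "HEAD ", "POST ", "PUT /", "OPTIO", "DELET", "PATCH":
		return true
	}
	return false
}

// serveTLS runs the server side of a handshake. If the peer spoke plaintext
// HTTP, it replies on RecordHeaderError.Conn (the underlying net.Conn) and
// returns "http"; otherwise it returns "tls" or "other".
func serveTLS(conn net.Conn, cfg *tls.Config) string {
	defer conn.Close()
	err := tls.Server(conn, cfg).Handshake()
	var rhe tls.RecordHeaderError
	if errors.As(err, &rhe) && rhe.Conn != nil && looksLikeHTTP(rhe.RecordHeader) {
		io.WriteString(rhe.Conn, plaintextReply) // plain bytes, not a TLS alert
		return "http"
	}
	if err != nil {
		return "other"
	}
	return "tls"
}

// simulate feeds request as the first bytes of an in-memory connection and
// returns the server's verdict plus whatever the client read back.
func simulate(request string) (verdict, reply string) {
	client, server := net.Pipe()
	done := make(chan string, 1)
	go func() { done <- serveTLS(server, &tls.Config{}) }()
	io.WriteString(client, request)
	got, _ := io.ReadAll(client) // EOF once serveTLS closes its end
	client.Close()
	return <-done, string(got)
}
```

The handshake fails on the record header before any certificate is consulted, which is why an empty tls.Config is enough for the simulation.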