SNI (Server Name Indication) is a way for a TLS client to
indicate to the server which name it knows the server by. This
allows the server to have several names and return the correct
certificate for each (virtual hosting).
PeerCertificates returns the list of certificates presented by
server.
R=r
CC=golang-dev
https://golang.org/cl/
1741053
// NextProtos is a list of supported, application level protocols.
// Currently only server-side handling is supported.
NextProtos []string
+ // ServerName is included in the client's handshake to support virtual
+ // hosting.
+ ServerName string
}
type Certificate struct {
import (
"bytes"
"crypto/subtle"
+ "crypto/x509"
"hash"
"io"
"net"
handshakeComplete bool
cipherSuite uint16
ocspResponse []byte // stapled OCSP response
+ peerCertificates []*x509.Certificate
clientProtocol string
return c.ocspResponse
}
+
+// PeerCertificates returns the certificate chain that was presented by the
+// other side.
+func (c *Conn) PeerCertificates() []*x509.Certificate {
+ c.handshakeMutex.Lock()
+ defer c.handshakeMutex.Unlock()
+
+ return c.peerCertificates
+}
compressionMethods: []uint8{compressionNone},
random: make([]byte, 32),
ocspStapling: true,
+ serverName: c.config.ServerName,
}
t := uint32(c.config.Time())
return c.sendAlert(alertUnsupportedCertificate)
}
+ c.peerCertificates = certs
+
if serverHello.certStatus {
msg, err = c.readHandshake()
if err != nil {
// ServerName server_name_list<1..2^16-1>
// } ServerNameList;
- z[1] = 1
+ z[0] = byte((len(m.serverName) + 3) >> 8)
+ z[1] = byte(len(m.serverName) + 3)
z[3] = byte(len(m.serverName) >> 8)
z[4] = byte(len(m.serverName))
copy(z[5:], []byte(m.serverName))