tls: move PeerCertificates to ConnectionState
authorBrad Fitzpatrick <bradfitz@golang.org>
Thu, 10 Mar 2011 15:22:53 +0000 (07:22 -0800)
committerBrad Fitzpatrick <bradfitz@golang.org>
Thu, 10 Mar 2011 15:22:53 +0000 (07:22 -0800)
R=agl, agl1
CC=golang-dev, rsc
https://golang.org/cl/4248078

src/pkg/crypto/tls/common.go
src/pkg/crypto/tls/conn.go

index 7135f3d0f716853fe89c9364ac5695eb0d956f06..81b5a07446ea644b0e4cb5047fe8b23e343cdca4 100644 (file)
@@ -7,6 +7,7 @@ package tls
 import (
        "crypto/rand"
        "crypto/rsa"
+       "crypto/x509"
        "io"
        "io/ioutil"
        "sync"
@@ -95,6 +96,9 @@ type ConnectionState struct {
        HandshakeComplete  bool
        CipherSuite        uint16
        NegotiatedProtocol string
+
+       // the certificate chain that was presented by the other side
+       PeerCertificates []*x509.Certificate
 }
 
 // A Config structure is used to configure a TLS client or server. After one
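Review bot: The comment on the new PeerCertificates field does not say when the field is populated or whether the chain has been verified, and both matter to callers who base trust decisions on it. In conn.go, ConnectionState() assigns it only inside the `if c.handshakeComplete` branch, so it is presumably nil before the handshake finishes. I would write it in Go doc style, for example `// PeerCertificates is the certificate chain presented by the peer. It is set only once the handshake has completed; a non-empty chain does not by itself mean the chain was verified.` The last clause should be adjusted to whatever verification the handshake actually performs, which is not visible in this diff.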
index d203e8d5169afa1055937886d55da3c46c19f82b..1e6fe60aec2a4ba630bce7f1967fa2ae81f975e9 100644 (file)
@@ -762,6 +762,7 @@ func (c *Conn) ConnectionState() ConnectionState {
        if c.handshakeComplete {
                state.NegotiatedProtocol = c.clientProtocol
                state.CipherSuite = c.cipherSuite
+               state.PeerCertificates = c.peerCertificates
        }
 
        return state
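Review bot: The added line `state.PeerCertificates = c.peerCertificates` hands callers the connection's own slice, so a caller that writes to an element of the returned chain changes what the Conn holds. If later checks such as VerifyHostname read c.peerCertificates (likely, but not visible here), calling code could unintentionally alter the chain being validated. Copying on the way out avoids this: `state.PeerCertificates = append([]*x509.Certificate(nil), c.peerCertificates...)`. The removed accessor returned the chain regardless of handshake state, whereas this line runs only when c.handshakeComplete is true, which is worth stating in the commit description as a behaviour change. ConnectionState's body starts outside the hunk, so whether handshakeMutex is held at this point cannot be confirmed from here.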
@@ -776,15 +777,6 @@ func (c *Conn) OCSPResponse() []byte {
        return c.ocspResponse
 }
 
-// PeerCertificates returns the certificate chain that was presented by the
-// other side.
-func (c *Conn) PeerCertificates() []*x509.Certificate {
-       c.handshakeMutex.Lock()
-       defer c.handshakeMutex.Unlock()
-
-       return c.peerCertificates
-}
-
 // VerifyHostname checks that the peer certificate chain is valid for
 // connecting to host.  If so, it returns nil; if not, it returns an os.Error
 // describing the problem.