From: Brad Fitzpatrick <bradfitz@golang.org>
Date: Mon, 27 Jun 2011 17:37:33 +0000 (-0700)
Subject: http: do TLS handshake explicitly before copying TLS state
X-Git-Tag: weekly.2011-07-07~121
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=7e29f1add8a4cebf533a70236fd1c9c0b21c1a9a;p=gostls13.git

http: do TLS handshake explicitly before copying TLS state

Previously we were snapshotting the TLS state into *Request
before we did the HTTP ReadRequest, the first Read of which
triggered the TLS handshake implicitly.

Fixes #1956

R=golang-dev, rsc
CC=agl, golang-dev
https://golang.org/cl/4630072
---

diff --git a/src/pkg/http/serve_test.go b/src/pkg/http/serve_test.go
index 40de54747d..207646f9a0 100644
--- a/src/pkg/http/serve_test.go
+++ b/src/pkg/http/serve_test.go
@@ -522,7 +522,12 @@ func TestHeadResponses(t *testing.T) {
 
 func TestTLSServer(t *testing.T) {
 	ts := httptest.NewTLSServer(HandlerFunc(func(w ResponseWriter, r *Request) {
-		fmt.Fprintf(w, "tls=%v", r.TLS != nil)
+		if r.TLS != nil {
+			w.Header().Set("X-TLS-Set", "true")
+			if r.TLS.HandshakeComplete {
+				w.Header().Set("X-TLS-HandshakeComplete", "true")
+			}
+		}
 	}))
 	defer ts.Close()
 	if !strings.HasPrefix(ts.URL, "https://") {
@@ -530,20 +535,17 @@ func TestTLSServer(t *testing.T) {
 	}
 	res, err := Get(ts.URL)
 	if err != nil {
-		t.Error(err)
+		t.Fatal(err)
 	}
 	if res == nil {
 		t.Fatalf("got nil Response")
 	}
-	if res.Body == nil {
-		t.Fatalf("got nil Response.Body")
-	}
-	body, err := ioutil.ReadAll(res.Body)
-	if err != nil {
-		t.Error(err)
+	defer res.Body.Close()
+	if res.Header.Get("X-TLS-Set") != "true" {
+		t.Errorf("expected X-TLS-Set response header")
 	}
-	if e, g := "tls=true", string(body); e != g {
-		t.Errorf("expected body %q; got %q", e, g)
+	if res.Header.Get("X-TLS-HandshakeComplete") != "true" {
+		t.Errorf("expected X-TLS-HandshakeComplete header")
 	}
 }
 
diff --git a/src/pkg/http/server.go b/src/pkg/http/server.go
index 7f1b8a2bcc..03b9cd86f6 100644
--- a/src/pkg/http/server.go
+++ b/src/pkg/http/server.go
@@ -152,6 +152,7 @@ func newConn(rwc net.Conn, handler Handler) (c *conn, err os.Error) {
 	c.buf = bufio.NewReadWriter(br, bw)
 
 	if tlsConn, ok := rwc.(*tls.Conn); ok {
+		tlsConn.Handshake()
 		c.tlsState = new(tls.ConnectionState)
 		*c.tlsState = tlsConn.ConnectionState()
 	}