From: Jonathan Rudenberg Date: Sun, 26 Apr 2015 16:05:37 +0000 (-0400) Subject: crypto/tls: add OCSP response to ConnectionState X-Git-Tag: go1.5beta1~905 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=ac2bf8ad06e435f1cfdcd1acc87f7e9f51794a79;p=gostls13.git crypto/tls: add OCSP response to ConnectionState The OCSP response is currently only exposed via a method on Conn, which makes it inaccessible when using wrappers like net/http. The ConnectionState structure is typically available even when using wrappers and contains many of the other handshake details, so this change exposes the stapled OCSP response in that structure. Change-Id: If8dab49292566912c615d816321b4353e711f71f Reviewed-on: https://go-review.googlesource.com/9361 Reviewed-by: Adam Langley Run-TryBot: Adam Langley --- diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go index 4cce5085f4..929c8ef4da 100644 --- a/src/crypto/tls/common.go +++ b/src/crypto/tls/common.go @@ -169,6 +169,7 @@ type ConnectionState struct { PeerCertificates []*x509.Certificate // certificate chain presented by remote peer VerifiedChains [][]*x509.Certificate // verified chains built from PeerCertificates SignedCertificateTimestamps [][]byte // SCTs from the server, if any + OCSPResponse []byte // stapled OCSP response from server, if any // TLSUnique contains the "tls-unique" channel binding value (see RFC // 5929, section 3). For resumed sessions this value will be nil diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go index c7b30a5d72..cad471859f 100644 --- a/src/crypto/tls/conn.go +++ b/src/crypto/tls/conn.go @@ -995,6 +995,7 @@ func (c *Conn) ConnectionState() ConnectionState { state.VerifiedChains = c.verifiedChains state.ServerName = c.serverName state.SignedCertificateTimestamps = c.scts + state.OCSPResponse = c.ocspResponse if !c.didResume { state.TLSUnique = c.firstFinished[:] }