From: Adam Langley <agl@golang.org>
Date: Thu, 5 May 2011 17:44:36 +0000 (-0400)
Subject: crypto/tls: export the verified chains.
X-Git-Tag: weekly.2011-05-22~139
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=ffd550455cb02fb61331fe3d6dbe5058731c0a67;p=gostls13.git

crypto/tls: export the verified chains.

The verified chains are the chains that were actually verified.

R=bradfitz
CC=golang-dev
https://golang.org/cl/4462046
---

diff --git a/src/pkg/crypto/tls/common.go b/src/pkg/crypto/tls/common.go
index 204d255314..0b26aae84d 100644
--- a/src/pkg/crypto/tls/common.go
+++ b/src/pkg/crypto/tls/common.go
@@ -100,6 +100,8 @@ type ConnectionState struct {
 
 	// the certificate chain that was presented by the other side
 	PeerCertificates []*x509.Certificate
+	// the verified certificate chains built from PeerCertificates.
+	VerifiedChains [][]*x509.Certificate
 }
 
 // A Config structure is used to configure a TLS client or server. After one
diff --git a/src/pkg/crypto/tls/conn.go b/src/pkg/crypto/tls/conn.go
index 63d56310c3..48d3f725b4 100644
--- a/src/pkg/crypto/tls/conn.go
+++ b/src/pkg/crypto/tls/conn.go
@@ -768,6 +768,7 @@ func (c *Conn) ConnectionState() ConnectionState {
 		state.NegotiatedProtocolIsMutual = !c.clientProtocolFallback
 		state.CipherSuite = c.cipherSuite
 		state.PeerCertificates = c.peerCertificates
+		state.VerifiedChains = c.verifiedChains
 	}
 
 	return state