Diffstat (limited to 'src/crypto/tls/handshake_server.go')
-rw-r--r--src/crypto/tls/handshake_server.go4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index e22f284cfb..9def927314 100644
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -818,6 +818,10 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error {
c.sendAlert(alertBadCertificate)
return errors.New("tls: failed to parse client certificate: " + err.Error())
}
+ if certs[i].PublicKeyAlgorithm == x509.RSA && certs[i].PublicKey.(*rsa.PublicKey).N.BitLen() > maxRSAKeySize {
+ c.sendAlert(alertBadCertificate)
+ return fmt.Errorf("tls: client sent certificate containing RSA key larger than %d bits", maxRSAKeySize)
+ }
}
if len(certs) == 0 && requiresClientCert(c.config.ClientAuth) {
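Review bot: The added condition uses an unchecked type assertion, `certs[i].PublicKey.(*rsa.PublicKey)`, on a value parsed from a peer-supplied certificate, so it relies on x509.ParseCertificate always pairing `PublicKeyAlgorithm == x509.RSA` with an `*rsa.PublicKey`. That invariant is not visible in this hunk, and if it ever broke, the handshake would panic instead of returning an error. The comma-ok form removes the dependency and should behave the same while the invariant holds: `if pub, ok := certs[i].PublicKey.(*rsa.PublicKey); ok && pub.N.BitLen() > maxRSAKeySize {`. The block also lacks a comment explaining the limit; if the intent is to bound verification cost, something like `// Reject oversized RSA keys before verification so a client cannot force expensive signature checks.` would help (maxRSAKeySize is defined outside the hunk). processCertsFromClient starts and ends outside the hunk.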