Diffstat (limited to 'src/crypto/tls')
-rw-r--r-- | src/crypto/tls/common.go | 16 | ||||
-rw-r--r-- | src/crypto/tls/conn.go | 12 | ||||
-rw-r--r-- | src/crypto/tls/handshake_test.go | 4 | ||||
-rw-r--r-- | src/crypto/tls/tls_test.go | 7 |
4 files changed, 27 insertions, 12 deletions
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index e4f18bf5eb..66d2c005a7 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -294,10 +294,26 @@ func (cs *ConnectionState) ExportKeyingMaterial(label string, context []byte, le
 type ClientAuthType int
 const (
+ // NoClientCert indicates that no client certificate should be requested
+ // during the handshake, and if any certificates are sent they will not
+ // be verified.
 NoClientCert ClientAuthType = iota
+ // RequestClientCert indicates that a client certificate should be requested
+ // during the handshake, but does not require that the client send any
+ // certificates.
 RequestClientCert
+ // RequireAnyClientCert indicates that a client certificate should be requested
+ // during the handshake, and that at least one certificate is required to be
+ // sent by the client, but that certificate is not required to be valid.
 RequireAnyClientCert
+ // VerifyClientCertIfGiven indicates that a client certificate should be requested
+ // during the handshake, but does not require that the client sends a
+ // certificate. If the client does send a certificate it is required to be
+ // valid.
 VerifyClientCertIfGiven
+ // RequireAndVerifyClientCert indicates that a client certificate should be requested
+ // during the handshake, and that at least one valid certificate is required
+ // to be sent by the client.
 RequireAndVerifyClientCert
 )
diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go
index 5dff76c988..f1d4cb926c 100644
--- a/src/crypto/tls/conn.go
+++ b/src/crypto/tls/conn.go
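Review bot: The new comment on RequestClientCert in common.go does not say what happens to a certificate the client chooses to send, whereas the NoClientCert and VerifyClientCertIfGiven comments spell this out, so a reader picking a ClientAuth mode cannot tell from it whether such a certificate is checked. If, as the contrast with VerifyClientCertIfGiven suggests, it is not verified, add `// If the client does send certificates they are not verified.` The RequireAnyClientCert comment should also state the consequence of "not required to be valid", for example `// Callers must validate the certificate themselves (e.g. in Config.VerifyPeerCertificate) before treating it as an identity.` Any doc comment on the ClientAuthType type itself sits above the hunk and is not visible here.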
@@ -168,18 +168,18 @@ type halfConn struct {
 trafficSecret []byte // current TLS 1.3 traffic secret
 }
-type permamentError struct {
+type permanentError struct {
 err net.Error
 }
-func (e *permamentError) Error() string { return e.err.Error() }
-func (e *permamentError) Unwrap() error { return e.err }
-func (e *permamentError) Timeout() bool { return e.err.Timeout() }
-func (e *permamentError) Temporary() bool { return false }
+func (e *permanentError) Error() string { return e.err.Error() }
+func (e *permanentError) Unwrap() error { return e.err }
+func (e *permanentError) Timeout() bool { return e.err.Timeout() }
+func (e *permanentError) Temporary() bool { return false }
 func (hc *halfConn) setErrorLocked(err error) error {
 if e, ok := err.(net.Error); ok {
- hc.err = &permamentError{err: e}
+ hc.err = &permanentError{err: e}
 } else {
 hc.err = err
 }
diff --git a/src/crypto/tls/handshake_test.go b/src/crypto/tls/handshake_test.go
index f55cd16ca8..605be587b5 100644
--- a/src/crypto/tls/handshake_test.go
+++ b/src/crypto/tls/handshake_test.go
@@ -86,7 +86,7 @@ func checkOpenSSLVersion() error {
 println("to update the test data.")
 println("")
 println("Configure it with:")
- println("./Configure enable-weak-ssl-ciphers")
+ println("./Configure enable-weak-ssl-ciphers no-shared")
 println("and then add the apps/ directory at the front of your PATH.")
 println("***********************************************")
@@ -403,7 +403,7 @@ func testHandshake(t *testing.T, clientConfig, serverConfig *Config) (serverStat
 }
 defer cli.Close()
 clientState = cli.ConnectionState()
- buf, err := ioutil.ReadAll(cli)
+ buf, err := io.ReadAll(cli)
 if err != nil {
 t.Errorf("failed to call cli.Read: %v", err)
 }
diff --git a/src/crypto/tls/tls_test.go b/src/crypto/tls/tls_test.go
index 4ab8a430ba..9995538871 100644
--- a/src/crypto/tls/tls_test.go
+++ b/src/crypto/tls/tls_test.go
@@ -14,7 +14,6 @@ import (
 "fmt"
 "internal/testenv"
 "io"
- "io/ioutil"
 "math"
 "net"
 "os"
@@ -594,7 +593,7 @@ func TestConnCloseWrite(t *testing.T) {
 }
 defer srv.Close()
- data, err := ioutil.ReadAll(srv)
+ data, err := io.ReadAll(srv)
 if err != nil {
 return err
 }
@@ -635,7 +634,7 @@ func TestConnCloseWrite(t *testing.T) {
 return fmt.Errorf("CloseWrite error = %v; want errShutdown", err)
 }
- data, err := ioutil.ReadAll(conn)
+ data, err := io.ReadAll(conn)
 if err != nil {
 return err
 }
@@ -698,7 +697,7 @@ func TestWarningAlertFlood(t *testing.T) {
 }
 defer srv.Close()
- _, err = ioutil.ReadAll(srv)
+ _, err = io.ReadAll(srv)
 if err == nil {
 return errors.New("unexpected lack of error from server")
 } |