Commit ac2bf8ad authored by Jonathan Rudenberg's avatar Jonathan Rudenberg Committed by Adam Langley

crypto/tls: add OCSP response to ConnectionState

The OCSP response is currently only exposed via a method on Conn,
which makes it inaccessible when using wrappers like net/http. The
ConnectionState structure is typically available even when using
wrappers and contains many of the other handshake details, so this
change exposes the stapled OCSP response in that structure.

Change-Id: If8dab49292566912c615d816321b4353e711f71f
Reviewed-on: https://go-review.googlesource.com/9361Reviewed-by: default avatarAdam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
parent d86b8d34
...@@ -169,6 +169,7 @@ type ConnectionState struct { ...@@ -169,6 +169,7 @@ type ConnectionState struct {
PeerCertificates []*x509.Certificate // certificate chain presented by remote peer PeerCertificates []*x509.Certificate // certificate chain presented by remote peer
VerifiedChains [][]*x509.Certificate // verified chains built from PeerCertificates VerifiedChains [][]*x509.Certificate // verified chains built from PeerCertificates
SignedCertificateTimestamps [][]byte // SCTs from the server, if any SignedCertificateTimestamps [][]byte // SCTs from the server, if any
OCSPResponse []byte // stapled OCSP response from server, if any
// TLSUnique contains the "tls-unique" channel binding value (see RFC // TLSUnique contains the "tls-unique" channel binding value (see RFC
// 5929, section 3). For resumed sessions this value will be nil // 5929, section 3). For resumed sessions this value will be nil
......
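Review bot: The field comment added on L19 should make clear that the staple is surfaced exactly as the server sent it — nothing in this change parses the response or checks its signature, so a caller that treats a non-nil `OCSPResponse` as "revocation status checked" would be misled. Suggest `OCSPResponse []byte // stapled OCSP response from server, if any; not verified by this package, callers must parse and validate it (signature, issuer, validity window, cert status) before relying on it`. The adjacent TLSUnique comment on L20–L21 documents the resumed-session case explicitly; the new field would benefit from the same statement, since whether a staple is present after resumption is not something a caller can infer from this comment. The ConnectionState struct begins before this hunk.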
...@@ -995,6 +995,7 @@ func (c *Conn) ConnectionState() ConnectionState { ...@@ -995,6 +995,7 @@ func (c *Conn) ConnectionState() ConnectionState {
state.VerifiedChains = c.verifiedChains state.VerifiedChains = c.verifiedChains
state.ServerName = c.serverName state.ServerName = c.serverName
state.SignedCertificateTimestamps = c.scts state.SignedCertificateTimestamps = c.scts
state.OCSPResponse = c.ocspResponse
if !c.didResume { if !c.didResume {
state.TLSUnique = c.firstFinished[:] state.TLSUnique = c.firstFinished[:]
} }
......
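Review bot: The assignment `state.OCSPResponse = c.ocspResponse` on L27 is unconditional, whereas the TLSUnique assignment immediately below it (L28–L29) is gated on `!c.didResume`; the hunk does not show whether c.ocspResponse is cleared or repopulated on a resumed handshake, so a caller could see either nil or a staple left over from an earlier full handshake whose nextUpdate may have passed — I cannot tell which from here. Whichever it is should be confirmed against the client handshake code and stated in the field's doc comment rather than left implicit. Also worth a comment that, like SignedCertificateTimestamps and PeerCertificates on L24–L26, the slice aliases the connection's internal buffer and must be treated as read-only by callers, e.g. `// shared with the Conn; callers must not modify`. The ConnectionState method begins before this hunk.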