type clientHandshakeState … var testingOnlyForceClientHelloSignatureAlgorithms … func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echContext, error) { … } type echContext … func (c *Conn) clientHandshake(ctx context.Context) (err error) { … } func (c *Conn) loadSession(hello *clientHelloMsg) ( session *SessionState, earlySecret, binderKey []byte, err error) { … } func (c *Conn) pickTLSVersion(serverHello *serverHelloMsg) error { … } // Does the handshake, either a full one or resumes old session. Requires hs.c, // hs.hello, hs.serverHello, and, optionally, hs.session to be set. func (hs *clientHandshakeState) handshake() error { … } func (hs *clientHandshakeState) pickCipherSuite() error { … } func (hs *clientHandshakeState) doFullHandshake() error { … } func (hs *clientHandshakeState) establishKeys() error { … } func (hs *clientHandshakeState) serverResumedSession() bool { … } func (hs *clientHandshakeState) processServerHello() (bool, error) { … } // checkALPN ensure that the server's choice of ALPN protocol is compatible with // the protocols that we advertised in the Client Hello. func checkALPN(clientProtos []string, serverProto string, quic bool) error { … } func (hs *clientHandshakeState) readFinished(out []byte) error { … } func (hs *clientHandshakeState) readSessionTicket() error { … } func (hs *clientHandshakeState) saveSessionTicket() error { … } func (hs *clientHandshakeState) sendFinished(out []byte) error { … } const defaultMaxRSAKeySize … var tlsmaxrsasize … func checkKeySize(n int) (max int, ok bool) { … } // verifyServerCertificate parses and verifies the provided chain, setting // c.verifiedChains and c.peerCertificates or sending the appropriate alert. func (c *Conn) verifyServerCertificate(certificates [][]byte) error { … } // certificateRequestInfoFromMsg generates a CertificateRequestInfo from a TLS // <= 1.2 CertificateRequest, making an effort to fill in missing information. func certificateRequestInfoFromMsg(ctx context.Context, vers uint16, certReq *certificateRequestMsg) *CertificateRequestInfo { … } func (c *Conn) getClientCertificate(cri *CertificateRequestInfo) (*Certificate, error) { … } // clientSessionCacheKey returns a key used to cache sessionTickets that could // be used to resume previously negotiated TLS sessions with a server. func (c *Conn) clientSessionCacheKey() string { … } // hostnameInSNI converts name into an appropriate hostname for SNI. // Literal IP addresses and absolute FQDNs are not permitted as SNI values. // See RFC 6066, Section 3. func hostnameInSNI(name string) string { … } func computeAndUpdatePSK(m *clientHelloMsg, binderKey []byte, transcript hash.Hash, finishedHash func([]byte, hash.Hash) []byte) error { … }
Codebase Browser
go