MCPcopy
hub / github.com/XTLS/REALITY / doFullHandshake

Method doFullHandshake

handshake_client.go:660–851  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

658}
659
660func (hs *clientHandshakeState) doFullHandshake() error {
661 c := hs.c
662
663 msg, err := c.readHandshake(&hs.finishedHash)
664 if err != nil {
665 return err
666 }
667 certMsg, ok := msg.(*certificateMsg)
668 if !ok || len(certMsg.certificates) == 0 {
669 c.sendAlert(alertUnexpectedMessage)
670 return unexpectedMessageError(certMsg, msg)
671 }
672
673 msg, err = c.readHandshake(&hs.finishedHash)
674 if err != nil {
675 return err
676 }
677
678 cs, ok := msg.(*certificateStatusMsg)
679 if ok {
680 // RFC4366 on Certificate Status Request:
681 // The server MAY return a "certificate_status" message.
682
683 if !hs.serverHello.ocspStapling {
684 // If a server returns a "CertificateStatus" message, then the
685 // server MUST have included an extension of type "status_request"
686 // with empty "extension_data" in the extended server hello.
687
688 c.sendAlert(alertUnexpectedMessage)
689 return errors.New("tls: received unexpected CertificateStatus message")
690 }
691
692 c.ocspResponse = cs.response
693
694 msg, err = c.readHandshake(&hs.finishedHash)
695 if err != nil {
696 return err
697 }
698 }
699
700 if c.handshakes == 0 {
701 // If this is the first handshake on a connection, process and
702 // (optionally) verify the server's certificates.
703 if err := c.verifyServerCertificate(certMsg.certificates); err != nil {
704 return err
705 }
706 } else {
707 // This is a renegotiation handshake. We require that the
708 // server's identity (i.e. leaf certificate) is unchanged and
709 // thus any previous trust decision is still valid.
710 //
711 // See https://mitls.org/pages/attacks/3SHAKE for the
712 // motivation behind this requirement.
713 if !bytes.Equal(c.peerCertificates[0].Raw, certMsg.certificates[0]) {
714 c.sendAlert(alertBadCertificate)
715 return errors.New("tls: server's identity changed during renegotiation")
716 }
717 }

Callers 1

handshakeMethod · 0.95

Calls 15

RequiredFunction · 0.92
unexpectedMessageErrorFunction · 0.85
CurveIDTypeAlias · 0.85
selectSignatureSchemeFunction · 0.85
readHandshakeMethod · 0.80
sendAlertMethod · 0.80

Tested by

no test coverage detected