()
| 880 | } |
| 881 | |
| 882 | func (hs *clientHandshakeState) processServerHello() (bool, error) { |
| 883 | c := hs.c |
| 884 | |
| 885 | if err := hs.pickCipherSuite(); err != nil { |
| 886 | return false, err |
| 887 | } |
| 888 | |
| 889 | if hs.serverHello.compressionMethod != compressionNone { |
| 890 | c.sendAlert(alertIllegalParameter) |
| 891 | return false, errors.New("tls: server selected unsupported compression format") |
| 892 | } |
| 893 | |
| 894 | supportsPointFormat := false |
| 895 | offeredNonCompressedFormat := false |
| 896 | for _, format := range hs.serverHello.supportedPoints { |
| 897 | if format == pointFormatUncompressed { |
| 898 | supportsPointFormat = true |
| 899 | } else { |
| 900 | offeredNonCompressedFormat = true |
| 901 | } |
| 902 | } |
| 903 | if !supportsPointFormat && offeredNonCompressedFormat { |
| 904 | return false, errors.New("tls: server offered only incompatible point formats") |
| 905 | } |
| 906 | |
| 907 | if c.handshakes == 0 && hs.serverHello.secureRenegotiationSupported { |
| 908 | c.secureRenegotiation = true |
| 909 | if len(hs.serverHello.secureRenegotiation) != 0 { |
| 910 | c.sendAlert(alertHandshakeFailure) |
| 911 | return false, errors.New("tls: initial handshake had non-empty renegotiation extension") |
| 912 | } |
| 913 | } |
| 914 | |
| 915 | if c.handshakes > 0 && c.secureRenegotiation { |
| 916 | var expectedSecureRenegotiation [24]byte |
| 917 | copy(expectedSecureRenegotiation[:], c.clientFinished[:]) |
| 918 | copy(expectedSecureRenegotiation[12:], c.serverFinished[:]) |
| 919 | if !bytes.Equal(hs.serverHello.secureRenegotiation, expectedSecureRenegotiation[:]) { |
| 920 | c.sendAlert(alertHandshakeFailure) |
| 921 | return false, errors.New("tls: incorrect renegotiation extension contents") |
| 922 | } |
| 923 | } |
| 924 | |
| 925 | if err := checkALPN(hs.hello.alpnProtocols, hs.serverHello.alpnProtocol, false); err != nil { |
| 926 | c.sendAlert(alertUnsupportedExtension) |
| 927 | return false, err |
| 928 | } |
| 929 | c.clientProtocol = hs.serverHello.alpnProtocol |
| 930 | |
| 931 | c.scts = hs.serverHello.scts |
| 932 | |
| 933 | if !hs.serverResumedSession() { |
| 934 | return false, nil |
| 935 | } |
| 936 | |
| 937 | if hs.session.version != c.vers { |
| 938 | c.sendAlert(alertHandshakeFailure) |
| 939 | return false, errors.New("tls: server resumed a session with a different version") |
no test coverage detected