hub / github.com/XTLS/REALITY / sendClientCertificate

Method sendClientCertificate

handshake_client_tls13.go:754–826  ·  view source on GitHub ↗

Source from the content-addressed store, hash-verified

752}
753
754func (hs *clientHandshakeStateTLS13) sendClientCertificate() error {
755 c := hs.c
756
757 if hs.certReq == nil {
758 return nil
759 }
760
761 if hs.echContext != nil && hs.echContext.echRejected {
762 if _, err := hs.c.writeHandshakeRecord(&certificateMsgTLS13{}, hs.transcript); err != nil {
763 return err
764 }
765 return nil
766 }
767
768 cert, err := c.getClientCertificate(&CertificateRequestInfo{
769 AcceptableCAs: hs.certReq.certificateAuthorities,
770 SignatureSchemes: hs.certReq.supportedSignatureAlgorithms,
771 Version: c.vers,
772 ctx: hs.ctx,
773 })
774 if err != nil {
775 return err
776 }
777
778 certMsg := new(certificateMsgTLS13)
779
780 certMsg.certificate = *cert
781 certMsg.scts = hs.certReq.scts && len(cert.SignedCertificateTimestamps) > 0
782 certMsg.ocspStapling = hs.certReq.ocspStapling && len(cert.OCSPStaple) > 0
783
784 if _, err := hs.c.writeHandshakeRecord(certMsg, hs.transcript); err != nil {
785 return err
786 }
787
788 // If we sent an empty certificate message, skip the CertificateVerify.
789 if len(cert.Certificate) == 0 {
790 return nil
791 }
792
793 certVerifyMsg := new(certificateVerifyMsg)
794 certVerifyMsg.hasSignatureAlgorithm = true
795
796 certVerifyMsg.signatureAlgorithm, err = selectSignatureScheme(c.vers, cert, hs.certReq.supportedSignatureAlgorithms)
797 if err != nil {
798 // getClientCertificate returned a certificate incompatible with the
799 // CertificateRequestInfo supported signature algorithms.
800 c.sendAlert(alertHandshakeFailure)
801 return err
802 }
803
804 sigType, sigHash, err := typeAndHashFromSignatureScheme(certVerifyMsg.signatureAlgorithm)
805 if err != nil {
806 return c.sendAlert(alertInternalError)
807 }
808
809 signed := signedMessage(sigHash, clientSignatureContext, hs.transcript)
810 signOpts := crypto.SignerOpts(sigHash)
811 if sigType == signatureRSAPSS {

Callers 1

handshake (Method) · 0.95

Calls 8

selectSignatureScheme (Function) · 0.85
signedMessage (Function) · 0.85
writeHandshakeRecord (Method) · 0.80
getClientCertificate (Method) · 0.80
sendAlert (Method) · 0.80
rand (Method) · 0.80
Error (Method) · 0.45

Tested by

no test coverage detected