| 576 | } |
| 577 | |
| 578 | func (hs *serverHandshakeState) doFullHandshake() error { |
| 579 | c := hs.c |
| 580 | |
| 581 | if hs.clientHello.ocspStapling && len(hs.cert.OCSPStaple) > 0 { |
| 582 | hs.hello.ocspStapling = true |
| 583 | } |
| 584 | |
| 585 | hs.hello.ticketSupported = hs.clientHello.ticketSupported && !c.config.SessionTicketsDisabled |
| 586 | hs.hello.cipherSuite = hs.suite.id |
| 587 | |
| 588 | hs.finishedHash = newFinishedHash(hs.c.vers, hs.suite) |
| 589 | if c.config.ClientAuth == NoClientCert { |
| 590 | // No need to keep a full record of the handshake if client |
| 591 | // certificates won't be used. |
| 592 | hs.finishedHash.discardHandshakeBuffer() |
| 593 | } |
| 594 | if err := transcriptMsg(hs.clientHello, &hs.finishedHash); err != nil { |
| 595 | return err |
| 596 | } |
| 597 | if _, err := hs.c.writeHandshakeRecord(hs.hello, &hs.finishedHash); err != nil { |
| 598 | return err |
| 599 | } |
| 600 | |
| 601 | certMsg := new(certificateMsg) |
| 602 | certMsg.certificates = hs.cert.Certificate |
| 603 | if _, err := hs.c.writeHandshakeRecord(certMsg, &hs.finishedHash); err != nil { |
| 604 | return err |
| 605 | } |
| 606 | |
| 607 | if hs.hello.ocspStapling { |
| 608 | certStatus := new(certificateStatusMsg) |
| 609 | certStatus.response = hs.cert.OCSPStaple |
| 610 | if _, err := hs.c.writeHandshakeRecord(certStatus, &hs.finishedHash); err != nil { |
| 611 | return err |
| 612 | } |
| 613 | } |
| 614 | |
| 615 | keyAgreement := hs.suite.ka(c.vers) |
| 616 | skx, err := keyAgreement.generateServerKeyExchange(c.config, hs.cert, hs.clientHello, hs.hello) |
| 617 | if err != nil { |
| 618 | c.sendAlert(alertHandshakeFailure) |
| 619 | return err |
| 620 | } |
| 621 | if skx != nil { |
| 622 | if len(skx.key) >= 3 && skx.key[0] == 3 /* named curve */ { |
| 623 | c.curveID = CurveID(binary.BigEndian.Uint16(skx.key[1:])) |
| 624 | } |
| 625 | if _, err := hs.c.writeHandshakeRecord(skx, &hs.finishedHash); err != nil { |
| 626 | return err |
| 627 | } |
| 628 | } |
| 629 | |
| 630 | var certReq *certificateRequestMsg |
| 631 | if c.config.ClientAuth >= RequestClientCert { |
| 632 | // Request a client certificate |
| 633 | certReq = new(certificateRequestMsg) |
| 634 | certReq.certificateTypes = []byte{ |
| 635 | byte(certTypeRSASign), |