crypto/tls: add server-side OCSP stapling support.
We already had support on the client side. I also changed the name of
the flag in the ServerHello structure to match the name of the same
flag in the ClientHello (ocspStapling).
R=bradfitzgo
CC=golang-dev
https://golang.org/cl/4408044
diff --git a/src/pkg/crypto/tls/handshake_server.go b/src/pkg/crypto/tls/handshake_server.go
index 809c8c1..37c8d15 100644
--- a/src/pkg/crypto/tls/handshake_server.go
+++ b/src/pkg/crypto/tls/handshake_server.go
@@ -103,6 +103,9 @@
hello.nextProtoNeg = true
hello.nextProtos = config.NextProtos
}
+ if clientHello.ocspStapling && len(config.Certificates[0].OCSPStaple) > 0 {
+ hello.ocspStapling = true
+ }
finishedHash.Write(hello.marshal())
c.writeRecord(recordTypeHandshake, hello.marshal())
@@ -116,6 +119,14 @@
finishedHash.Write(certMsg.marshal())
c.writeRecord(recordTypeHandshake, certMsg.marshal())
+ if hello.ocspStapling {
+ certStatus := new(certificateStatusMsg)
+ certStatus.statusType = statusTypeOCSP
+ certStatus.response = config.Certificates[0].OCSPStaple
+ finishedHash.Write(certStatus.marshal())
+ c.writeRecord(recordTypeHandshake, certStatus.marshal())
+ }
+
keyAgreement := suite.ka()
skx, err := keyAgreement.generateServerKeyExchange(config, clientHello, hello)
