Comments (1)
Transplanting tris over crypto/tls fails since Go 1.12 has added a new field. See https://golang.org/doc/go1.12#crypto/tls
That change was introduced with golang/go@c942191
A fully rebase like we did before will be near impossible due to two diverging TLS 1.3 implementations. Full list of changes in upstream crypto/tls:
$ git log --oneline go1.10..go1.11 src/crypto/tls
2eb8116f9e [release-branch.go1.11] crypto/tls: make ConnectionState.ExportKeyingMaterial a method
e5b13401c6 crypto/tls: fix deadlock when Read and Close called concurrently
4f1f503373 crypto/aes: implement AES-GCM AEAD for arm64
87867505c0 crypto/tls: add RSASSA-PSS support for handshake messages
c89d75f981 crypto/tls: consolidate signatures handling in SKE and CV
7ba0c6235f crypto, internal/cpu: fix s390x AES feature detection and update SHA implementations
9417ff55c3 crypto/tls: expand docs on client-side session ticket support
161874da2a all: update comment URLs from HTTP to HTTPS, where possible
3f2039e28d crypto/{aes,internal/cipherhw,tls}: use common internal/cpu in place of cipherhw
4154727e1b crypto/tls: add examples for [Load]X509KeyPair
542ea5ad91 go/printer, gofmt: tuned table alignment for better results
ee7dd810f9 crypto/tls: simplify the Handshake locking strategy
bd18c09095 crypto/tls: parse certificate first in X509KeyPair to get better errors
c529141d72 crypto/tls: support keying material export
5158aab7d6 all: use HTTPS for iana.org links
6009a261e9 crypto/tls: handle errors in generate_cert.go
$ git log --oneline go1.11..go1.12 src/crypto/tls
320da8d149 [release-branch.go1.12] crypto/tls: don't select RSA-PSS for client certificates in TLS 1.2
0cfe46ce74 [release-branch.go1.12] crypto/tls, runtime: document GODEBUG TLS 1.3 option
7ccd3583ed crypto/tls: disable RSA-PSS in TLS 1.2
5d9bc60893 crypto/tls: make TLS 1.3 opt-in
6718bb22fe crypto/tls: send a "handshake failure" alert if the RSA key is too small
6f93f86498 crypto/tls: expand Config.CipherSuites docs
9e277f7d55 all: use "reports whether" consistently instead of "returns whether"
950100a95c crypto/tls: improve error message for unsupported certificates in TLS 1.3
d8ce141dde crypto/tls: fix client certificates support for legacy servers
2012227b01 vendor/golang_org/x: move to internal/x
4c51c93780 crypto/tls: prevent the test server from sending session tickets
70e3b1df4a crypto/tls: don't modify Config.Certificates in BuildNameToCertificate
30cc978085 crypto/tls: enable TLS 1.3 and update tests
039c2081d1 crypto/tls: set ServerName and unset TLSUnique in ConnectionState in TLS 1.3
46d4aa273d crypto/tls: implement TLS 1.3 downgrade protection
106db71f37 crypto/tls: implement TLS 1.3 client authentication
6435d0cfbf crypto/tls: implement TLS 1.3 PSK authentication (server side)
d669cc47ad crypto/tls: implement TLS 1.3 PSK authentication (client side)
dc0be727dc crypto/tls: implement TLS 1.3 middlebox compatibility mode
db27e78278 crypto/tls: implement TLS 1.3 KeyUpdate messages
29b01d556d crypto/tls: implement TLS 1.3 KeyLogWriter support
05a85f493c crypto/tls: remove a forgotten note to future self
c21ba09bcd crypto/tls: implement TLS 1.3 server handshake (base)
4caa1276a1 crypto/tls: implement TLS 1.3 client handshake (base)
ee7e443389 crypto/tls: advertise and accept rsa_pss_rsae signature algorithms
7f5dce08ad crypto/tls: implement TLS 1.3 version negotiation
0663fe9862 crypto/tls: implement TLS 1.3 version-specific messages
84d6a7abe8 crypto/tls: implement TLS 1.3 cryptographic computations
ef21689a68 crypto/tls: implement TLS 1.3 record layer and cipher suites
7aee7990ab crypto/tls: implement TLS 1.3 extensions for ClientHello and ServerHello
1350214e41 crypto/tls: cache Leaf certificate during BuildNameToCertificate
7bada2cf46 crypto/tls: clarify documentation on tls.Config.NextProtos
d1836e629f crypto/tls: remove unneeded calls to bytes.NewReader
4c8b09e918 crypto/tls: rewrite some messages with golang.org/x/crypto/cryptobyte
80b8377049 crypto/tls: bump test timeouts from 1s to 1m for slow builders
f6b554fec7 crypto/tls: replace custom equal implementations with reflect.DeepEqual
a7fb5e1bd2 crypto/tls: add timeouts to recorded tests
c942191c20 crypto/tls, net/http: reject HTTP requests to HTTPS server
ab51b1d63b crypto/tls: replace custom *block with standard buffers
be0f3c286b crypto/tls: replace net.Pipe in tests with real TCP connections
ee76992200 crypto/tls,crypto/x509: normalize RFC references
465d1c6168 crypto/tls: fix ServerHello SCT test
de16b32233 crypto/tls: make ConnectionState.ExportKeyingMaterial a method
$ git log --oneline go1.12.. src/crypto/tls
20389553c7 crypto/tls: simplify intermediate certificate handling
c5cf662407 all: move internal/x to vendor/golang.org/x and revendor using 'go mod vendor'
5a1c7b5841 crypto/tls: enable TLS 1.3 by default
8834353072 Revert "crypto/tls: disable RSA-PSS in TLS 1.2"
5a7e8f466e crypto/tls: fix typo
8d72e59853 crypto/tls: remove superfluous for label
48bb611667 crypto/tls, runtime: document GODEBUG TLS 1.3 option
from tls-tris.
Related Issues (20)
- Support for 0-RTT HOT 7
- Server resonds with incorrect error code when client sends empty list of certificates HOT 4
- add a license
- use of internal HOT 2
- Add SM- ciphersuites
- Client certificate has expired on Feb 13, 2019 HOT 1
- Wrong trace, when handshake fails on client side
- testing: one docker for testing is (more than) enough
- Create a standalone tls library that does not require patching the Go standard library HOT 1
- X25519: Check for all zeros value
- BUG: default ciphersSuites for 1.3 HOT 3
- Improve testing HOT 3
- build: Create debian package during build HOT 3
- Build fail on Arch Linux HOT 2
- Vendoring issues with SIKE and SIDH
- Server does not seem to support season ticket sealer in TLS 1.2
- Rebase on upstream Go crypto/tls
- Check that the library properly builds for all OS
- Add linters and checkers
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tls-tris.