crypto/tls: add OCSP response to ConnectionState

The OCSP response is currently only exposed via a method on Conn, which makes it inaccessible when using wrappers like net/http. The ConnectionState structure is typically available even when using wrappers and contains many of the other handshake details, so this change exposes the stapled OCSP response in that structure. Change-Id: If8dab49292566912c615d816321b4353e711f71f Reviewed-on: https://go-review.googlesource.com/9361 Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org>
2015-04-26 12:05:37 -04:00 · 2015-04-26 12:05:37 -04:00 · ac2bf8ad06
parent d86b8d34d0
commit ac2bf8ad06
2 changed files with 2 additions and 0 deletions
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@ -169,6 +169,7 @@ type ConnectionState struct {
 	PeerCertificates            []*x509.Certificate   // certificate chain presented by remote peer
 	VerifiedChains              [][]*x509.Certificate // verified chains built from PeerCertificates
 	SignedCertificateTimestamps [][]byte              // SCTs from the server, if any
+	OCSPResponse                []byte                // stapled OCSP response from server, if any

 	// TLSUnique contains the "tls-unique" channel binding value (see RFC
 	// 5929, section 3). For resumed sessions this value will be nil
--- a/src/crypto/tls/conn.go
+++ b/src/crypto/tls/conn.go
@ -995,6 +995,7 @@ func (c *Conn) ConnectionState() ConnectionState {
 		state.VerifiedChains = c.verifiedChains
 		state.ServerName = c.serverName
 		state.SignedCertificateTimestamps = c.scts
+		state.OCSPResponse = c.ocspResponse
 		if !c.didResume {
 			state.TLSUnique = c.firstFinished[:]
 		}