Regression in Go 1.2rc2 - TLS Handshake Error

Satish Puranam

Oct 18, 2013, 11:24:56 AM
to golan...@googlegroups.com
Hello,

I have written a small tool that crawls our web farm to check the SSL configuration of the web servers. Testing this program with Go 1.2rc2, which was released yesterday, surprisingly broke my tool. Below is the sample test script that consistently fails with the message "remote error: handshake failure" when compiled with Go 1.2rc2, whereas it works as expected when compiled with go1.1.2 on both Windows 7 (amd64) and Ubuntu 10.13 (amd64).

I have attached the output generated by this test program on Windows 7 (go-1.1.2.txt, go-1.2rc2.txt) and Ubuntu (go-1.1.2.lnx.txt, go-1.2rc2.lnx.txt). Also attached is the output of the commands:

openssl s_client -connect 19.107.1.12:7703  - openssl.txt

sudo tcpdump -i eth0 -s 9999 -w /tmp/dump dst 19.107.1.12 - (tcpdump-1.1.2.txt, tcpdump-1.2rc2.txt)

At this point I am stuck and not sure how to proceed further; any help would be much appreciated.

package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"os"
	"runtime"
	"strings"
	"time"
)

func main() {
	// Record the build environment so outputs from different Go versions can be compared.
	fmt.Printf("OS:%s\n", runtime.GOOS)
	fmt.Printf("Arch:%s\n", runtime.GOARCH)
	fmt.Printf("Go Version:%s\n\n", runtime.Version())

	// Open the TCP connection first so a network failure is reported separately from a TLS failure.
	ipConn, err := net.DialTimeout("tcp", "19.107.1.12:7703", 10000*time.Millisecond)
	if err != nil {
		fmt.Printf("%s\n", err)
		os.Exit(1)
	}
	defer ipConn.Close()

	// Verification is skipped because the tool only inspects whatever certificate
	// the server presents; no application data is sent over this connection.
	config := tls.Config{InsecureSkipVerify: true}

	conn := tls.Client(ipConn, &config)
	defer conn.Close()

	// Run the handshake explicitly; this is the call that fails under Go 1.2rc2.
	if err := conn.Handshake(); err != nil {
		fmt.Printf("%s\n", err)
		os.Exit(1)
	}

	certs := conn.ConnectionState().PeerCertificates

	if len(certs) == 0 {
		fmt.Println("Could not get server's certificate from the TLS connection.")
		os.Exit(1)
	}

	// Print the fields of interest for every certificate in the presented chain.
	for i, cert := range certs {
		fmt.Printf("Certificate chain:%d\n", i)
		fmt.Printf("Common Name:%s\n", cert.Subject.CommonName)
		fmt.Printf("Alternate Name:%v\n", cert.DNSNames)
		fmt.Printf("Valid Not Before:%s\n", cert.NotBefore.Local().String())
		fmt.Println("" + strings.Repeat("=", 80) + "\n")
	}
}

Satish

go-1.1.2.lnx.txt
go-1.1.2.txt
go-1.2rc2.lnx.txt
go-1.2rc2.txt
openssl.txt
tcpdump-1.1.2.txt
tcpdump-1.2rc2.txt

agl

Oct 21, 2013, 1:54:43 PM
to golan...@googlegroups.com