Let the server send a mock encrypted certificate after ChangeCipherSuite to imitate real behaviour more closely

2019-08-07 00:28:08 +01:00 · 2019-08-07 00:28:08 +01:00 · ae4fc917b6
parent 81f233c226
commit ae4fc917b6
2 changed files with 10 additions and 3 deletions
--- a/internal/client/TLS.go
+++ b/internal/client/TLS.go
@ -66,9 +66,12 @@ func PrepareConnection(sta *State, conn net.Conn) (sessionKey []byte, err error)
 		return
 	}

-	_, err = util.ReadTLS(conn, buf)
-	if err != nil {
-		return
+	for i := 0; i < 2; i++ {
+		// ChangeCipherSpec and EncryptedCert (in the format of application data)
+		_, err = util.ReadTLS(conn, buf)
+		if err != nil {
+			return
+		}
 	}

 	return sessionKey, nil
--- a/internal/server/TLS.go
+++ b/internal/server/TLS.go
@ -212,7 +212,11 @@ func composeReply(ch *ClientHello, sharedSecret []byte, sessionKey []byte) ([]by
 	}
 	shBytes := addRecordLayer(sh, []byte{0x16}, TLS12)
 	ccsBytes := addRecordLayer([]byte{0x01}, []byte{0x14}, TLS12)
+	cert := make([]byte, 68) // this is always 68 bytes
+	rand.Read(cert)
+	encryptedCertBytes := addRecordLayer(cert, []byte{0x17}, TLS12)
 	ret := append(shBytes, ccsBytes...)
+	ret = append(ret, encryptedCertBytes...)
 	return ret, nil
 }