(Indirectly) check that TLS was not renegotioated when using "tls-server-end-point".

2024-01-12 12:10:06 +01:00 · 2024-01-12 12:10:06 +01:00 · 7ccad52e63
commit 7ccad52e63
parent 705f68d1a5
1 changed files with 11 additions and 3 deletions
--- a/xmpp.go
+++ b/xmpp.go
@ -462,14 +462,22 @@ func (c *Client) init(o *Options) error {
 					return errors.New(mechanism + ": unknown TLS version")
 				}
 				if serverEndPoint {
+					var h hash.Hash
+					// This material is not necessary for `tls-server-end-point` binding, but it is required to check that
+					// the TLS connection was not renegotiated. This function will fail if that's the case (see
+					// https://pkg.go.dev/crypto/tls#ConnectionState.ExportKeyingMaterial
+					_, err = tlsState.ExportKeyingMaterial("EXPORTER-Channel-Binding", nil, 32)
+					if err != nil {
+						return err
+					}
 					switch tlsState.PeerCertificates[0].SignatureAlgorithm {
 					case x509.SHA1WithRSA, x509.SHA256WithRSA, x509.ECDSAWithSHA1,
 						x509.ECDSAWithSHA256, x509.SHA256WithRSAPSS:
-						h := sha256.New()
+						h = sha256.New()
 					case x509.SHA384WithRSA, x509.ECDSAWithSHA384, x509.SHA384WithRSAPSS:
-						h := sha512.New384()
+						h = sha512.New384()
 					case x509.SHA512WithRSA, x509.ECDSAWithSHA512, x509.SHA512WithRSAPSS:
-						h := sha512.New()
+						h = sha512.New()
 					}
 					h.Write(tlsState.PeerCertificates[0].Raw)
 					keyingMaterial = h.Sum(nil)