Stowage/go
2
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-12-08 06:10:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: persist the createdAt time when re-wrapping session tickets

Browse source 
Change-Id: I33fcde2d544943fb04c2599810cf7fb773aeba1f
Reviewed-on: https://go-review.googlesource.com/c/go/+/234483
Run-TryBot: Katie Hockman <katie@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
This commit is contained in:
Katie Hockman 2020-05-18 15:50:03 -04:00
parent afd477f2ba
commit 3b0882e838
2 changed files with 35 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

21
src/crypto/tls/handshake_server.go
View file

@ -75,13 +75,8 @@ func (hs *serverHandshakeState) handshake() error {
if err := hs.establishKeys(); err != nil {
return err
}
// ticketSupported is set in a resumption handshake if the
// ticket from the client was encrypted with an old session
// ticket key and thus a refreshed ticket should be sent.
if hs.hello.ticketSupported {
if err := hs.sendSessionTicket(); err != nil {
return err
}
if err := hs.sendSessionTicket(); err != nil {
return err
}
if err := hs.sendFinished(c.serverFinished[:]); err != nil {
return err
@ -688,6 +683,9 @@ func (hs *serverHandshakeState) readFinished(out []byte) error {
}
func (hs *serverHandshakeState) sendSessionTicket() error {
// ticketSupported is set in a resumption handshake if the
// ticket from the client was encrypted with an old session
// ticket key and thus a refreshed ticket should be sent.
if !hs.hello.ticketSupported {
return nil
}
@ -695,6 +693,13 @@ func (hs *serverHandshakeState) sendSessionTicket() error {
c := hs.c
m := new(newSessionTicketMsg)
createdAt := uint64(c.config.time().Unix())
if hs.sessionState != nil {
// If this is re-wrapping an old key, then keep
// the original time it was created.
createdAt = hs.sessionState.createdAt
}
var certsFromClient [][]byte
for _, cert := range c.peerCertificates {
certsFromClient = append(certsFromClient, cert.Raw)
@ -702,7 +707,7 @@ func (hs *serverHandshakeState) sendSessionTicket() error {
state := sessionState{
vers: c.vers,
cipherSuite: hs.suite.id,
createdAt: uint64(c.config.time().Unix()),
createdAt: createdAt,
masterSecret: hs.masterSecret,
certificates: certsFromClient,
}