crypto/tls: persist the createdAt time when re-wrapping session tickets

Change-Id: I33fcde2d544943fb04c2599810cf7fb773aeba1f
Reviewed-on: https://go-review.googlesource.com/c/go/+/234483
Run-TryBot: Katie Hockman <katie@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

handshake_client_test.go

@@ -980,7 +980,28 @@ func testResumption(t *testing.T, version uint16) {
 	if bytes.Equal(ticket, getTicket()) {
 		t.Fatal("new ticket wasn't provided after old ticket expired")
 	}
-	testResumeState("FreshSessionTicket", true)
+
+	// Age the session ticket a bit at a time, but don't expire it.
+	d := 0 * time.Hour
+	for i := 0; i < 13; i++ {
+		d += 12 * time.Hour
+		serverConfig.Time = func() time.Time { return time.Now().Add(d) }
+		testResumeState("OldSessionTicket", true)
+	}
+	// Expire it (now a little more than 7 days) and make sure a full
+	// handshake occurs for TLS 1.2. Resumption should still occur for
+	// TLS 1.3 since the client should be using a fresh ticket sent over
+	// by the server.
+	d += 12 * time.Hour
+	serverConfig.Time = func() time.Time { return time.Now().Add(d) }
+	if version == VersionTLS13 {
+		testResumeState("ExpiredSessionTicket", true)
+	} else {
+		testResumeState("ExpiredSessionTicket", false)
+	}
+	if bytes.Equal(ticket, getTicket()) {
+		t.Fatal("new ticket wasn't provided after old ticket expired")
+	}
 
 	// Reset serverConfig to ensure that calling SetSessionTicketKeys
 	// before the serverConfig is used works.