feat: add an option to skip resumption on nil ext & update examples (#239)

* feat: add an option to skip resumption on nil ext feat: update examples * fix: clone unit test
2025-04-03 20:17:36 +03:00 · 2023-10-05 11:47:24 -07:00 · 2023-10-05 11:47:24 -07:00 · 75eb8e9e80
commit 75eb8e9e80
parent df6e4c827a
5 changed files with 86 additions and 14 deletions
--- a/examples/tls-resumption/main.go
+++ b/examples/tls-resumption/main.go
@ -38,7 +38,16 @@ func (csc *ClientSessionCache) Put(sessionKey string, cs *tls.ClientSessionState
 	}
 }

-func runResumptionCheck(helloID tls.ClientHelloID, serverAddr string, retry int, verbose bool) {
+type ResumptionType int
+
+const (
+	noResumption     ResumptionType = 0
+	pskResumption    ResumptionType = 1
+	ticketResumption ResumptionType = 2
+)
+
+func runResumptionCheck(helloID tls.ClientHelloID, getCustomSpec func() *tls.ClientHelloSpec, expectResumption ResumptionType, serverAddr string, retry int, verbose bool) {
+	fmt.Printf("checking: hello [%s], expectResumption [%v], serverAddr [%s]\n", helloID.Client, expectResumption, serverAddr)
 	csc := NewClientSessionCache()
 	tcpConn, err := net.Dial("tcp", serverAddr)
 	if err != nil {
@ -55,6 +64,10 @@ func runResumptionCheck(helloID tls.ClientHelloID, serverAddr string, retry int,
 		OmitEmptyPsk:       true,
 	}, helloID)

+	if getCustomSpec != nil {
+		tlsConn.ApplyPreset(getCustomSpec())
+	}
+
 	// HS
 	err = tlsConn.Handshake()
 	if err != nil {
@ -96,6 +109,7 @@ func runResumptionCheck(helloID tls.ClientHelloID, serverAddr string, retry int,
 	}
 	tlsConn.Close()

+	resumption := noResumption
 	for i := 0; i < retry; i++ {
 		tcpConnPSK, err := net.Dial("tcp", serverAddr)
 		if err != nil {
@ -108,6 +122,10 @@ func runResumptionCheck(helloID tls.ClientHelloID, serverAddr string, retry int,
 			OmitEmptyPsk:       true,
 		}, helloID)

+		if getCustomSpec != nil {
+			tlsConnPSK.ApplyPreset(getCustomSpec())
+		}
+
 		// HS
 		err = tlsConnPSK.Handshake()
 		if verbose {
@ -133,27 +151,47 @@ func runResumptionCheck(helloID tls.ClientHelloID, serverAddr string, retry int,

 			if tlsVer == tls.VersionTLS13 && tlsConnPSK.HandshakeState.State13.UsingPSK {
 				fmt.Println("[PSK used]")
-				return
+				resumption = pskResumption
+				break
 			} else if tlsVer == tls.VersionTLS12 && tlsConnPSK.DidTls12Resume() {
 				fmt.Println("[session ticket used]")
-				return
+				resumption = ticketResumption
+				break
 			}
 		}
 		time.Sleep(700 * time.Millisecond)
 	}
-	panic(fmt.Sprintf("PSK or session ticket not used for a resumption session, server %s, helloID: %s", serverAddr, helloID.Client))
+
+	if resumption != expectResumption {
+		panic(fmt.Sprintf("Expecting resumption type: %v, actual %v; session, server %s, helloID: %s", expectResumption, resumption, serverAddr, helloID.Client))
+	} else {
+		fmt.Println("[expected]")
+	}
 }

 func main() {
 	tls13Url := "www.microsoft.com:443"
 	tls12Url1 := "spocs.getpocket.com:443"
 	tls12Url2 := "marketplace.visualstudio.com:443"
-	runResumptionCheck(tls.HelloChrome_100_PSK, tls13Url, 1, false) // psk + utls
-	runResumptionCheck(tls.HelloGolang, tls13Url, 1, false)         // psk + crypto/tls
+	runResumptionCheck(tls.HelloChrome_100, nil, noResumption, tls13Url, 3, false) // no-resumption + utls
+	func() {
+		defer func() {
+			if err := recover(); err == nil {
+				panic("must throw")
+			}
+		}()

-	runResumptionCheck(tls.HelloChrome_100_PSK, tls12Url1, 10, false) // session ticket + utls
-	runResumptionCheck(tls.HelloGolang, tls12Url1, 10, false)         // session ticket + crypto/tls
-	runResumptionCheck(tls.HelloChrome_100_PSK, tls12Url2, 10, false) // session ticket + utls
-	runResumptionCheck(tls.HelloGolang, tls12Url2, 10, false)         // session ticket + crypto/tls
+		runResumptionCheck(tls.HelloCustom, func() *tls.ClientHelloSpec {
+			spec, _ := tls.UTLSIdToSpec(tls.HelloChrome_100)
+			return &spec
+		}, noResumption, tls13Url, 3, false) // no-resumption + utls custom + no psk extension
+	}()
+	runResumptionCheck(tls.HelloChrome_100_PSK, nil, pskResumption, tls13Url, 1, false) // psk + utls
+	runResumptionCheck(tls.HelloGolang, nil, pskResumption, tls13Url, 1, false)         // psk + crypto/tls
+
+	runResumptionCheck(tls.HelloChrome_100_PSK, nil, ticketResumption, tls12Url1, 10, false) // session ticket + utls
+	runResumptionCheck(tls.HelloGolang, nil, ticketResumption, tls12Url1, 10, false)         // session ticket + crypto/tls
+	runResumptionCheck(tls.HelloChrome_100_PSK, nil, ticketResumption, tls12Url2, 10, false) // session ticket + utls
+	runResumptionCheck(tls.HelloGolang, nil, ticketResumption, tls12Url2, 10, false)         // session ticket + crypto/tls

 }