Allow BuildHandshakeState to inspect ClientHello before setting SessionTicket/PSK (#301)

* Lock sessionController only on last call to BuildHandshakeState

* Add public getter/setter for SessionState.extMasterSecret

* Fix breaking exported MakeClientSessionState

* Revert `(*UConn).BuildHandshakeState` to lock session controller

This partially reverts ebe5d664d2
and introduces BuildHandshakeStateWithoutSession.

* fix: Marshal the Client Hello after loading session


---------

Signed-off-by: Gaukas Wang <i@gaukas.wang>
adotkhan 2024-06-26 23:12:28 -04:00 committed by GitHub
parent 4f713392d1
commit 925bfb39ab
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 38 additions and 6 deletions


@ -617,6 +617,9 @@ func (PSS PskIdentities) ToPrivate() []pskIdentity {
// ClientSessionState is public, but all its fields are private. Let's add setters, getters and constructor
// TODO! can we change this enought (or export SessionState),
// such that we wouldn't need to fork crypto/tls?
// ClientSessionState contains the state needed by clients to resume TLS sessions.
func MakeClientSessionState(
SessionTicket []uint8,
@ -625,6 +628,7 @@ func MakeClientSessionState(
MasterSecret []byte,
ServerCertificates []*x509.Certificate,
VerifiedChains [][]*x509.Certificate) *ClientSessionState {
// TODO: Add EMS to this constructor in uTLS v2
css := &ClientSessionState{
ticket: SessionTicket,
session: &SessionState{
@ -658,6 +662,10 @@ func (css *ClientSessionState) MasterSecret() []byte {
return css.session.secret
}
func (css *ClientSessionState) EMS() bool {
return css.session.extMasterSecret
}
// Certificate chain presented by the server
func (css *ClientSessionState) ServerCertificates() []*x509.Certificate {
return css.session.peerCertificates
@ -689,6 +697,12 @@ func (css *ClientSessionState) SetMasterSecret(MasterSecret []byte) {
}
css.session.secret = MasterSecret
}
func (css *ClientSessionState) SetEMS(ems bool) {
if css.session == nil {
css.session = &SessionState{}
}
css.session.extMasterSecret = ems
}
func (css *ClientSessionState) SetServerCertificates(ServerCertificates []*x509.Certificate) {
if css.session == nil {
css.session = &SessionState{}