mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-03 20:17:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: use SessionState on the client side

Browse source 
Another internal change, that allows exposing the new APIs easily in
following CLs.

For #60105

Change-Id: I9c61b9f6e9d29af633f952444f514bcbbe82fe4e
Reviewed-on: https://go-review.googlesource.com/c/go/+/496819
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
This commit is contained in:
Filippo Valsorda 2023-05-21 21:17:56 +02:00
parent b838c1c320
commit e911b27e23
9 changed files with 350 additions and 168 deletions
Download patch file Download diff file Expand all files Collapse all files

28
handshake_server.go
View file

@ -448,7 +448,7 @@ func (hs *serverHandshakeState) checkForResumption() bool {
return false
}
sessionHasClientCerts := len(hs.sessionState.certificate.Certificate) != 0
sessionHasClientCerts := len(hs.sessionState.peerCertificates) != 0
needClientCerts := requiresClientCert(c.config.ClientAuth)
if needClientCerts && !sessionHasClientCerts {
return false
@ -481,7 +481,7 @@ func (hs *serverHandshakeState) doResumeHandshake() error {
return err
}
if err := c.processCertsFromClient(hs.sessionState.certificate); err != nil {
if err := c.processCertsFromClient(hs.sessionState.certificate()); err != nil {
return err
}
@ -759,27 +759,15 @@ func (hs *serverHandshakeState) sendSessionTicket() error {
c := hs.c
m := new(newSessionTicketMsg)
createdAt := uint64(c.config.time().Unix())
state, err := c.sessionState()
if err != nil {
return err
}
state.secret = hs.masterSecret
if hs.sessionState != nil {
// If this is re-wrapping an old key, then keep
// the original time it was created.
createdAt = hs.sessionState.createdAt
}
var certsFromClient [][]byte
for _, cert := range c.peerCertificates {
certsFromClient = append(certsFromClient, cert.Raw)
}
state := SessionState{
version: c.vers,
cipherSuite: hs.suite.id,
createdAt: createdAt,
secret: hs.masterSecret,
certificate: Certificate{
Certificate: certsFromClient,
OCSPStaple: c.ocspResponse,
SignedCertificateTimestamps: c.scts,
},
state.createdAt = hs.sessionState.createdAt
}
stateBytes, err := state.Bytes()
if err != nil {