Fix Client Certificate Verification when Using Extended Master Secret (#143)

2025-04-03 20:17:36 +03:00 · 2022-11-18 15:32:12 +00:00 · 2022-11-18 15:32:12 +00:00 · ef21c925ea
commit ef21c925ea
parent fb99df2a2e
2 changed files with 10 additions and 3 deletions
--- a/handshake_client.go
+++ b/handshake_client.go
@ -600,6 +600,11 @@ func (hs *clientHandshakeState) doFullHandshake() error {
 		}
 	}

+	// [UTLS SECTION START]
+	/* sessionHash does not include CertificateVerify */
+	sessionHash := hs.finishedHash.Sum()
+	// [UTLS SECTION END]
+
 	if chainToSend != nil && len(chainToSend.Certificate) > 0 {
 		certVerify := &certificateVerifyMsg{}

@ -648,11 +653,14 @@ func (hs *clientHandshakeState) doFullHandshake() error {
 		}
 	}

+	// [UTLS SECTION START]
 	if hs.hello.ems && hs.serverHello.ems {
-		hs.masterSecret = extendedMasterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.finishedHash)
+		hs.masterSecret = extendedMasterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, sessionHash)
 	} else {
 		hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.hello.random, hs.serverHello.random)
 	}
+	// [UTLS SECTION END]
+
 	if err := c.config.writeKeyLog(keyLogLabelTLS12, hs.hello.random, hs.masterSecret); err != nil {
 		c.sendAlert(alertInternalError)
 		return errors.New("tls: failed to write to key log: " + err.Error())