Fix Client Certificate Verification when Using Extended Master Secret (#143)

2025-04-03 20:17:36 +03:00 · 2022-11-18 15:32:12 +00:00 · 2022-11-18 15:32:12 +00:00 · ef21c925ea
commit ef21c925ea
parent fb99df2a2e
2 changed files with 10 additions and 3 deletions
--- a/u_tls_extensions.go
+++ b/u_tls_extensions.go
@ -522,8 +522,7 @@ var extendedMasterSecretLabel = []byte("extended master secret")

 // extendedMasterFromPreMasterSecret generates the master secret from the pre-master
 // secret and session hash. See https://tools.ietf.org/html/rfc7627#section-4
-func extendedMasterFromPreMasterSecret(version uint16, suite *cipherSuite, preMasterSecret []byte, fh finishedHash) []byte {
-	sessionHash := fh.Sum()
+func extendedMasterFromPreMasterSecret(version uint16, suite *cipherSuite, preMasterSecret []byte, sessionHash []byte) []byte {
 	masterSecret := make([]byte, masterSecretLength)
 	prfForVersion(version, suite)(masterSecret, preMasterSecret, extendedMasterSecretLabel, sessionHash)
 	return masterSecret