Commit 4e79c152 authored by Adam Langley's avatar Adam Langley

crypto/tls: don't generate random ticket keys if already set.

If SetSessionTicketKeys was called on a fresh tls.Config, the configured
keys would be overridden with a random key by serverInit.

Fixes #15421.

Change-Id: I5d6cc81fc3e5de4dfa15eb614d102fb886150d1b
Reviewed-on: https://go-review.googlesource.com/27317Reviewed-by: default avatarBrad Fitzpatrick <bradfitz@golang.org>
parent 89d085de
......@@ -450,7 +450,7 @@ func (c *Config) clone() *Config {
}
func (c *Config) serverInit() {
if c.SessionTicketsDisabled {
if c.SessionTicketsDisabled || len(c.ticketKeys()) != 0 {
return
}
......
......@@ -648,13 +648,14 @@ func TestClientResumption(t *testing.T) {
t.Fatal("first ticket doesn't match ticket after resumption")
}
key2 := randomKey()
serverConfig.SetSessionTicketKeys([][32]byte{key2})
key1 := randomKey()
serverConfig.SetSessionTicketKeys([][32]byte{key1})
testResumeState("InvalidSessionTicketKey", false)
testResumeState("ResumeAfterInvalidSessionTicketKey", true)
serverConfig.SetSessionTicketKeys([][32]byte{randomKey(), key2})
key2 := randomKey()
serverConfig.SetSessionTicketKeys([][32]byte{key2, key1})
ticket = getTicket()
testResumeState("KeyChange", true)
if bytes.Equal(ticket, getTicket()) {
......@@ -662,6 +663,16 @@ func TestClientResumption(t *testing.T) {
}
testResumeState("KeyChangeFinish", true)
// Reset serverConfig to ensure that calling SetSessionTicketKeys
// before the serverConfig is used works.
serverConfig = &Config{
CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA},
Certificates: testConfig.Certificates,
}
serverConfig.SetSessionTicketKeys([][32]byte{key2})
testResumeState("FreshConfig", true)
clientConfig.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA}
testResumeState("DifferentCipherSuite", false)
testResumeState("DifferentCipherSuiteRecovers", true)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment