From 841ef93712800db68a8789b28e70af2b4da1960e Mon Sep 17 00:00:00 2001 From: adotkhan <61702862+adotkhan@users.noreply.github.com> Date: Tue, 16 Jul 2024 01:56:12 -0400 Subject: [PATCH] Fixes session ticket / PSK not set (#302) * Add setters for SessionState fields createdAt, UseBy, and AgeAdd * chore: remove accidental comments from code * fix: incorrect clientHelloBuildStatus after BuildHandshakeStateWithoutSession Reviewed-by: Gaukas Wang * chore: add empty lines between functions Signed-off-by: Gaukas Wang --------- Signed-off-by: Gaukas Wang Co-authored-by: Gaukas Wang --- u_conn.go | 2 +- u_public.go | 30 +++++++++++++++++++++++++++--- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/u_conn.go b/u_conn.go index f683c05c..49cc0f0e 100644 --- a/u_conn.go +++ b/u_conn.go @@ -154,9 +154,9 @@ func (uconn *UConn) buildHandshakeState(loadSession bool) error { if loadSession { uconn.uApplyPatch() uconn.sessionController.finalCheck() + uconn.clientHelloBuildStatus = BuildByUtls } - uconn.clientHelloBuildStatus = BuildByUtls } return nil } diff --git a/u_public.go b/u_public.go index cdcd6eeb..51265300 100644 --- a/u_public.go +++ b/u_public.go @@ -617,9 +617,6 @@ func (PSS PskIdentities) ToPrivate() []pskIdentity { // ClientSessionState is public, but all its fields are private. Let's add setters, getters and constructor -// TODO! can we change this enought (or export SessionState), -// such that we wouldn't need to fork crypto/tls? - // ClientSessionState contains the state needed by clients to resume TLS sessions. func MakeClientSessionState( SessionTicket []uint8, 
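Review bot: In u_conn.go's buildHandshakeState, `uconn.clientHelloBuildStatus = BuildByUtls` now runs only when `loadSession` is true, and nothing at that line says why, so a later cleanup could easily hoist it back out. A comment on the moved line would pin the invariant down, for example `// Mark as built only after the session is applied and finalCheck has run; a build without session must leave the status unchanged.` Judging from the commit message, the old placement caused the session ticket / PSK to be skipped after BuildHandshakeStateWithoutSession. A regression test that builds without a session and then asserts the later build still carries the PSK would guard this. The function starts above the hunk, so the enclosing condition is not visible here.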
@@ -679,36 +676,49 @@ func (css *ClientSessionState) VerifiedChains() [][]*x509.Certificate { func (css *ClientSessionState) SetSessionTicket(SessionTicket []uint8) { css.ticket = SessionTicket } + func (css *ClientSessionState) SetVers(Vers uint16) { if css.session == nil { css.session = &SessionState{} } css.session.version = Vers } + func (css *ClientSessionState) SetCipherSuite(CipherSuite uint16) { if css.session == nil { css.session = &SessionState{} } css.session.cipherSuite = CipherSuite } + +func (css *ClientSessionState) SetCreatedAt(createdAt uint64) { + if css.session == nil { + css.session = &SessionState{} + } + css.session.createdAt = createdAt +} + func (css *ClientSessionState) SetMasterSecret(MasterSecret []byte) { if css.session == nil { css.session = &SessionState{} } css.session.secret = MasterSecret } + func (css *ClientSessionState) SetEMS(ems bool) { if css.session == nil { css.session = &SessionState{} } css.session.extMasterSecret = ems } + func (css *ClientSessionState) SetServerCertificates(ServerCertificates []*x509.Certificate) { if css.session == nil { css.session = &SessionState{} } css.session.peerCertificates = ServerCertificates } + func (css *ClientSessionState) SetVerifiedChains(VerifiedChains [][]*x509.Certificate) { if css.session == nil { css.session = &SessionState{} @@ -716,6 +726,20 @@ func (css *ClientSessionState) SetVerifiedChains(VerifiedChains [][]*x509.Certif css.session.verifiedChains = VerifiedChains } +func (css *ClientSessionState) SetUseBy(useBy uint64) { + if css.session == nil { + css.session = &SessionState{} + } + css.session.useBy = useBy +} + +func (css *ClientSessionState) SetAgeAdd(ageAdd uint32) { + if css.session == nil { + css.session = &SessionState{} + } + css.session.ageAdd = ageAdd +} + // TicketKey is the internal representation of a session ticket key. type TicketKey struct { AesKey [16]byte
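Review bot: The new exported setters SetCreatedAt, SetUseBy and SetAgeAdd in u_public.go have no doc comments, and the units of their arguments cannot be read off the signatures. In upstream crypto/tls, createdAt and useBy are seconds since the UNIX epoch and ageAdd is the ticket_age_add value the server sent with the ticket. Assuming this fork keeps that, a caller who passes milliseconds or a made-up ageAdd will likely get a wrong obfuscated ticket age or a session that looks expired, so resumption fails without an obvious cause. I would add `// SetCreatedAt sets the session creation time in seconds since the UNIX epoch.`, `// SetUseBy sets the time after which the session must not be resumed, in seconds since the UNIX epoch.` and `// SetAgeAdd sets the ticket_age_add value received with the TLS 1.3 session ticket.`. The `css.session == nil` lazy initialisation is now repeated in every setter and could move into one unexported helper.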