obfuscated_ticket_age must also be reset when comparing.
Thanks to Eric Rescorla for catching this. Change-Id: Id0a024d7f705519cfe76d350e0ef2688dbd11a22 Reviewed-on: https://boringssl-review.googlesource.com/12303 Reviewed-by: Nick Harper <nharper@chromium.org> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
parent
75f9914e17
commit
ea80f9d5df
@ -637,6 +637,15 @@ ResendHelloRetryRequest:
|
|||||||
}
|
}
|
||||||
newClientHelloCopy.tls13Cookie = nil
|
newClientHelloCopy.tls13Cookie = nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// PSK binders and obfuscated ticket age are both updated in the
|
||||||
|
// second ClientHello.
|
||||||
|
if len(oldClientHelloCopy.pskIdentities) != len(newClientHelloCopy.pskIdentities) {
|
||||||
|
return errors.New("tls: PSK identity count from old and new ClientHello do not match")
|
||||||
|
}
|
||||||
|
for i, identity := range oldClientHelloCopy.pskIdentities {
|
||||||
|
newClientHelloCopy.pskIdentities[i].obfuscatedTicketAge = identity.obfuscatedTicketAge
|
||||||
|
}
|
||||||
newClientHelloCopy.pskBinders = oldClientHelloCopy.pskBinders
|
newClientHelloCopy.pskBinders = oldClientHelloCopy.pskBinders
|
||||||
|
|
||||||
if !oldClientHelloCopy.equal(&newClientHelloCopy) {
|
if !oldClientHelloCopy.equal(&newClientHelloCopy) {
|
||||||
|
Loading…
Reference in New Issue
Block a user