kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
492c9aa90c
boringssl/ssl
History
David Benjamin 492c9aa90c Fill in a fake session ID for TLS 1.3. 
Historically, OpenSSL filled in a fake session ID for ticket-only
client sessions. Conscrypt relies on this to implement some weird Java
API where every session has an ID and may be queried out of the client
session cache and, e.g., revoked that way.

(Note that a correct client session cache is not keyed by session ID and
indeed this allows one server to knock out another server's sessions by
matching session IDs. But existing APIs are existing APIs.)

For consistency between TLS 1.2 and TLS 1.3, as well as matching
OpenSSL's TLS 1.3 implementation, do the same in TLS 1.3. Note this
smooths over our cross-version resumption tests by allowing for
something odd: it is now syntactically possible to resume a TLS 1.3
session at TLS 1.2. It doesn't matter either way, but now a different
codepath rejects certain cases.

Change-Id: I9caf4f0c3b2e2e24ae25752826d47bce77e65616
Reviewed-on: https://boringssl-review.googlesource.com/31525
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-09-06 18:12:11 +00:00
..
test Fill in a fake session ID for TLS 1.3. 2018-09-06 18:12:11 +00:00
bio_ssl.cc
CMakeLists.txt Align on a single CMake style. 2018-08-10 16:22:31 +00:00
d1_both.cc Switch some easy SSL fields to UniquePtr. 2018-07-06 19:30:51 +00:00
d1_lib.cc Switch some easy SSL fields to UniquePtr. 2018-07-06 19:30:51 +00:00
d1_pkt.cc Switch some easy SSL fields to UniquePtr. 2018-07-06 19:30:51 +00:00
d1_srtp.cc A bunch more scopers. 2018-07-06 19:43:08 +00:00
dtls_method.cc Remove trailing whitespace from ssl/. 2018-02-26 22:05:13 +00:00
dtls_record.cc Use the actual record header, rather than reassembling it. 2018-04-10 19:52:33 +00:00
handoff.cc Remove other unnecessary tlsext_ prefixes. 2018-07-06 19:49:13 +00:00
handshake_client.cc Fill in a fake session ID for TLS 1.3. 2018-09-06 18:12:11 +00:00
handshake_server.cc Implement TLS 1.3 anti-downgrade signal. 2018-08-15 15:23:43 +00:00
handshake.cc Option to reverify certs on resumption. 2018-08-10 20:06:22 +00:00
internal.h Some more bools. 2018-09-06 13:49:57 +00:00
s3_both.cc Switch some easy SSL fields to UniquePtr. 2018-07-06 19:30:51 +00:00
s3_lib.cc Implement TLS 1.3 anti-downgrade signal. 2018-08-15 15:23:43 +00:00
s3_pkt.cc Switch some easy SSL fields to UniquePtr. 2018-07-06 19:30:51 +00:00
span_test.cc Add bssl::SealRecord and bssl::OpenRecord. 2017-07-24 20:14:08 +00:00
ssl_aead_ctx.cc Remove SSL 3.0 implementation. 2018-06-28 16:54:58 +00:00
ssl_asn1.cc Give SSL_SESSION a destructor. 2018-07-03 22:57:56 +00:00
ssl_buffer.cc Switch some easy SSL fields to UniquePtr. 2018-07-06 19:30:51 +00:00
ssl_cert.cc A bunch more scopers. 2018-07-06 19:43:08 +00:00
ssl_cipher.cc Add a compile time verification ciphers are sorted for bsearch() 2018-07-30 22:17:31 +00:00
ssl_file.cc Avoid modifying stack in sk_find. 2018-04-12 21:02:12 +00:00
ssl_key_share.cc Check for nullptr result of SSLKeyShare::Create(). 2018-04-10 22:55:53 +00:00
ssl_lib.cc Don't let a NULL mean the initial SSL_CTX in SSL_set_SSL_CTX. 2018-08-16 20:59:45 +00:00
ssl_privkey.cc Support OpenSSL APIs SSL[_CTX]_set1_sigalgs[_list]. 2018-08-09 16:57:09 +00:00
ssl_session.cc Use Span/Array for ticket decryption. 2018-08-14 19:00:34 +00:00
ssl_stat.cc Remove trailing whitespace from ssl/. 2018-02-26 22:05:13 +00:00
ssl_test.cc Fill in a fake session ID for TLS 1.3. 2018-09-06 18:12:11 +00:00
ssl_transcript.cc Simplify SSLTranscript. 2018-07-13 16:23:40 +00:00
ssl_versions.cc Switch the default TLS 1.3 variant to tls13_rfc. 2018-08-28 13:58:28 +00:00
ssl_x509.cc Add more scopers. 2018-07-15 14:11:53 +00:00
t1_enc.cc Remove SSL 3.0 implementation. 2018-06-28 16:54:58 +00:00
t1_lib.cc Don't depend on extension ordering to avoid an empty final extension. 2018-08-23 23:36:15 +00:00
tls13_both.cc Some more bools. 2018-09-06 13:49:57 +00:00
tls13_client.cc Fill in a fake session ID for TLS 1.3. 2018-09-06 18:12:11 +00:00
tls13_enc.cc Add more scopers. 2018-07-15 14:11:53 +00:00
tls13_server.cc Some more bools. 2018-09-06 13:49:57 +00:00
tls_method.cc Pack encrypted handshake messages together. 2018-05-29 14:28:56 +00:00
tls_record.cc Use the actual record header, rather than reassembling it. 2018-04-10 19:52:33 +00:00