crypto/tls: don't generate random ticket keys if already set.

If SetSessionTicketKeys was called on a fresh tls.Config, the configured
keys would be overridden with a random key by serverInit.

Fixes #15421.

Change-Id: I5d6cc81fc3e5de4dfa15eb614d102fb886150d1b
Reviewed-on: https://go-review.googlesource.com/27317
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
Adam Langley 2016-08-17 17:38:06 -07:00
parent 999c968fe2
commit 251d647e6e
2 changed files with 15 additions and 4 deletions

View File

@ -450,7 +450,7 @@ func (c *Config) clone() *Config {
}
func (c *Config) serverInit() {
if c.SessionTicketsDisabled {
if c.SessionTicketsDisabled || len(c.ticketKeys()) != 0 {
return
}

View File

@ -648,13 +648,14 @@ func TestClientResumption(t *testing.T) {
t.Fatal("first ticket doesn't match ticket after resumption")
}
key2 := randomKey()
serverConfig.SetSessionTicketKeys([][32]byte{key2})
key1 := randomKey()
serverConfig.SetSessionTicketKeys([][32]byte{key1})
testResumeState("InvalidSessionTicketKey", false)
testResumeState("ResumeAfterInvalidSessionTicketKey", true)
serverConfig.SetSessionTicketKeys([][32]byte{randomKey(), key2})
key2 := randomKey()
serverConfig.SetSessionTicketKeys([][32]byte{key2, key1})
ticket = getTicket()
testResumeState("KeyChange", true)
if bytes.Equal(ticket, getTicket()) {
@ -662,6 +663,16 @@ func TestClientResumption(t *testing.T) {
}
testResumeState("KeyChangeFinish", true)
// Reset serverConfig to ensure that calling SetSessionTicketKeys
// before the serverConfig is used works.
serverConfig = &Config{
CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA},
Certificates: testConfig.Certificates,
}
serverConfig.SetSessionTicketKeys([][32]byte{key2})
testResumeState("FreshConfig", true)
clientConfig.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA}
testResumeState("DifferentCipherSuite", false)
testResumeState("DifferentCipherSuiteRecovers", true)