Don't copy client's session ID into server's session.

When decrypting a ticket we would copy the client's session ID into the
session and then copy the session's ID into the ServerHello (if
resuming). That seems icky. Instead install the same placeholder on the
server as we do on the client.

Change-Id: Icb50a3be2f05e6428f1b286c8c09015f7bb4af16
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47784
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index cdb9016..67f18fd 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -3928,10 +3928,12 @@
     return ssl_ticket_aead_ignore_ticket;
   }
 
-  // Copy the client's session ID into the new session, to denote the ticket has
-  // been accepted.
-  OPENSSL_memcpy(session->session_id, session_id.data(), session_id.size());
-  session->session_id_length = session_id.size();
+  // Envoy's tests expect the session to have a session ID that matches the
+  // placeholder used by the client. It's unclear whether this is a good idea,
+  // but we maintain it for now.
+  SHA256(ticket.data(), ticket.size(), session->session_id);
+  // Other consumers may expect a non-empty session ID to indicate resumption.
+  session->session_id_length = SHA256_DIGEST_LENGTH;
 
   *out_session = std::move(session);
   return ssl_ticket_aead_success;
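Review bot: The `SHA256(ticket.data(), ticket.size(), session->session_id)` call writes a fixed `SHA256_DIGEST_LENGTH` bytes into `session->session_id` with no visible check that the buffer is at least that large. The removed `OPENSSL_memcpy` was bounded by `session_id.size()`, so the size guarantee now rests only on the field's declaration. A `static_assert(sizeof(session->session_id) >= SHA256_DIGEST_LENGTH, ...)` next to the call would pin that down. Two smaller points: the new comment says the value matches the client's placeholder, but the hash is computed inline here, so a shared helper would keep the two sides from drifting apart. And since the commit message notes that the ServerHello echoes the session's ID on resumption, it is worth confirming that path now takes the client's session ID from the ClientHello, because after this hunk `session->session_id` no longer holds it.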