Fix missing TicketMaxEarlyDataInfo in first session ticket.
Change-Id: Ib24208e0ebdb1787c629ee29bd0115332ac36e73
Reviewed-on: https://boringssl-review.googlesource.com/21484
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 5bed962..c36b503 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -560,6 +560,10 @@
// NewSessionTicket message despite promising to in ServerHello.
SkipNewSessionTicket bool
+ // UseFirstSessionTicket causes the client to cache only the first session
+ // ticket received.
+ UseFirstSessionTicket bool
+
// SkipClientCertificate causes the client to skip the Certificate
// message.
SkipClientCertificate bool
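Review bot: The comment on `UseFirstSessionTicket` is narrower than the check it controls: the conn.go change skips `Put` whenever `ClientSessionCache` already holds any entry for the key, which includes an entry left by an earlier connection that shares the cache, not only an earlier ticket on the same connection. I would word it as `// UseFirstSessionTicket causes the client to keep an existing session cache entry instead of replacing it with a later ticket.` so that test authors who combine it with `resumeSession` know tickets from the resumed connection are discarded. The enclosing struct begins and ends outside this hunk.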
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index a80e3c8..ea33811 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -1486,7 +1486,10 @@
}
cacheKey := clientSessionCacheKey(c.conn.RemoteAddr(), c.config)
- c.config.ClientSessionCache.Put(cacheKey, session)
+ _, ok := c.config.ClientSessionCache.Get(cacheKey)
+ if !ok || !c.config.Bugs.UseFirstSessionTicket {
+ c.config.ClientSessionCache.Put(cacheKey, session)
+ }
return nil
}
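Review bot: The added `ClientSessionCache.Get(cacheKey)` runs for every NewSessionTicket, even when `Bugs.UseFirstSessionTicket` is false, so the default path now does a cache lookup it never did before. If this cache's `Get` updates recency or has any other side effect (its implementation is not visible here), tests that never set the flag would see different eviction behaviour. Checking the flag first keeps the default path unchanged: put `if c.config.Bugs.UseFirstSessionTicket {`, `if _, ok := c.config.ClientSessionCache.Get(cacheKey); ok { return nil }` and `}` ahead of the unconditional `Put`. The function starts outside the hunk.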
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 5918e6b..afa8bd1 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -10871,6 +10871,27 @@
},
})
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "EarlyData-FirstTicket-Server-" + name,
+ config: Config{
+ MaxVersion: VersionTLS13,
+ MinVersion: VersionTLS13,
+ Bugs: ProtocolBugs{
+ UseFirstSessionTicket: true,
+ SendEarlyData: [][]byte{{1, 2, 3, 4}},
+ ExpectEarlyDataAccepted: true,
+ ExpectHalfRTTData: [][]byte{{254, 253, 252, 251}},
+ },
+ },
+ tls13Variant: variant,
+ messageCount: 2,
+ resumeSession: true,
+ flags: []string{
+ "-enable-early-data",
+ "-expect-accept-early-data",
+ },
+ })
}
testCases = append(testCases, testCase{
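Review bot: The new `EarlyData-FirstTicket-Server-` case carries no comment saying which regression it pins, and the combination of `UseFirstSessionTicket: true` with `ExpectEarlyDataAccepted: true` is not self-explanatory. A line above the `append` would do, for example `// Test that the first NewSessionTicket a server sends can be used for early data.` The surrounding loop over `name` and `variant` begins outside the hunk.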
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index ea1beae..9fe2d5d 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -165,6 +165,10 @@
}
hs->new_session->ticket_age_add_valid = 1;
+ if (ssl->cert->enable_early_data) {
+ hs->new_session->ticket_max_early_data = kMaxEarlyDataAccepted;
+ }
+
ScopedCBB cbb;
CBB body, ticket, extensions;
if (!ssl->method->init_message(ssl, cbb.get(), &body,
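Review bot: The relocated `ticket_max_early_data` assignment is order-sensitive, but nothing at its new position says so, and the second hunk in this file shows how easily it ended up beside the extension-writing code instead. Presumably the session is serialized into the ticket between the two hunks (those lines are not visible here), which would explain why only the first ticket lacked the limit. A comment such as `// Must be set before the session is serialized into the ticket below, so every ticket records the early data limit.` above the new `if (ssl->cert->enable_early_data)` would keep a later refactor from moving it back. The enclosing function starts and ends outside the hunk.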
@@ -178,8 +182,6 @@
}
if (ssl->cert->enable_early_data) {
- hs->new_session->ticket_max_early_data = kMaxEarlyDataAccepted;
-
CBB early_data_info;
if (!CBB_add_u16(&extensions, TLSEXT_TYPE_ticket_early_data_info) ||
!CBB_add_u16_length_prefixed(&extensions, &early_data_info) ||