pkg crypto/tls, func ParseSessionState([]uint8) (*SessionState, error) #60105
pkg crypto/tls, method (*SessionState) Bytes() ([]uint8, error) #60105
pkg crypto/tls, type SessionState struct #60105
+pkg crypto/tls, func NewResumptionState([]uint8, *SessionState) (*ClientSessionState, error) #60105
+pkg crypto/tls, method (*ClientSessionState) ResumptionState() ([]uint8, *SessionState, error) #60105
clientConfig.ClientSessionCache = nil
testResumeState("WithoutSessionCache", false)
+
+ clientConfig.ClientSessionCache = &serializingClientCache{t: t}
+ testResumeState("BeforeSerializingCache", false)
+ testResumeState("WithSerializingCache", true)
+}
+
+type serializingClientCache struct {
+ t *testing.T
+
+ ticket, state []byte
+}
+
+func (c *serializingClientCache) Get(sessionKey string) (session *ClientSessionState, ok bool) {
+ if c.ticket == nil {
+ return nil, false
+ }
+ state, err := ParseSessionState(c.state)
+ if err != nil {
+ c.t.Error(err)
+ return nil, false
+ }
+ cs, err := NewResumptionState(c.ticket, state)
+ if err != nil {
+ c.t.Error(err)
+ return nil, false
+ }
+ return cs, true
+}
+
+func (c *serializingClientCache) Put(sessionKey string, cs *ClientSessionState) {
+ ticket, state, err := cs.ResumptionState()
+ if err != nil {
+ c.t.Error(err)
+ return
+ }
+ stateBytes, err := state.Bytes()
+ if err != nil {
+ c.t.Error(err)
+ return
+ }
+ c.ticket, c.state = ticket, stateBytes
}
func TestLRUClientSessionCache(t *testing.T) {
ageAdd uint32
}
-// ClientSessionState contains the state needed by clients to resume TLS
-// sessions.
-type ClientSessionState struct {
- ticket []byte
- session *SessionState
-}
-
// Bytes encodes the session, including any private fields, so that it can be
-// parsed by [ParseSessionState]. The encoding contains secret values.
+// parsed by [ParseSessionState]. The encoding contains secret values critical
+// to the security of future and possibly past sessions.
//
// The specific encoding should be considered opaque and may change incompatibly
// between Go versions.
return nil
}
+
+// ClientSessionState contains the state needed by a client to
+// resume a previous TLS session.
+type ClientSessionState struct {
+ ticket []byte
+ session *SessionState
+}
+
+// ResumptionState returns the session ticket sent by the server (also known as
+// the session's identity) and the state necessary to resume this session.
+//
+// It can be called by [ClientSessionCache.Put] to serialize (with
+// [SessionState.Bytes]) and store the session.
+func (cs *ClientSessionState) ResumptionState() (ticket []byte, state *SessionState, err error) {
+ return cs.ticket, cs.session, nil
+}
+
+// NewResumptionState returns a state value that can be returned by
+// [ClientSessionCache.Get] to resume a previous session.
+//
+// state needs to be returned by [ParseSessionState], and the ticket and session
+// state must have been returned by [ClientSessionState.ResumptionState].
+func NewResumptionState(ticket []byte, state *SessionState) (*ClientSessionState, error) {
+ return &ClientSessionState{
+ ticket: ticket, session: state,
+ }, nil
+}