src/crypto/tls/common.go | 31 ++++++++++++++++++++++--------- src/crypto/tls/handshake_server_test.go | 28 ++++++++++++++++++++-------- src/crypto/tls/tls_test.go | 35 +++++++++++++++++++++++++++++++++++ diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go index 074701eb5deeeea5f3cea5e7df4f5e8bffdc6bb1..db2f32888ae357ad5189b180cfa380390023cc26 100644 --- a/src/crypto/tls/common.go +++ b/src/crypto/tls/common.go @@ -22,6 +22,7 @@ "fmt" "internal/godebug" "io" "net" + "runtime" "slices" "strings" "sync" @@ -1818,15 +1819,27 @@ return opts.CurrentTime.Before(cert.NotBefore) || opts.CurrentTime.After(cert.NotAfter) }) { continue } - // Since we already validated the chain, we only care that it is - // rooted in a CA in CAs, or in the system pool. On platforms where - // we control chain validation (e.g. not Windows or macOS) this is a - // simple lookup in the CertPool internal hash map. On other - // platforms, this may be more expensive, depending on how they - // implement verification of just root certificates. - root := chain[len(chain)-1] - if _, err := root.Verify(opts); err == nil { - return true + // Since we already validated the chain, we only care that it is rooted + // in a CA in opts.Roots. On platforms where we control chain validation + // (e.g. not Windows or macOS) this is a simple lookup in the CertPool + // internal hash map, which we can simulate by running Verify on the + // root. On other platforms, we have to do full verification again, + // because EKU handling might differ. We will want to replace this with + // CertPool.Contains if/once that is available. See go.dev/issue/77376. + if runtime.GOOS == "windows" || runtime.GOOS == "darwin" || runtime.GOOS == "ios" { + opts.Intermediates = x509.NewCertPool() + for _, cert := range chain[1:max(1, len(chain)-1)] { + opts.Intermediates.AddCert(cert) + } + leaf := chain[0] + if _, err := leaf.Verify(opts); err == nil { + return true + } + } else { + root := chain[len(chain)-1] + if _, err := root.Verify(opts); err == nil { + return true + } } } return false diff --git a/src/crypto/tls/handshake_server_test.go b/src/crypto/tls/handshake_server_test.go index 249767b1e460d7979f288be5fbfd8914742106a9..4963d39b50fa2ba330b421e3db4dcb5c62cafcde 100644 --- a/src/crypto/tls/handshake_server_test.go +++ b/src/crypto/tls/handshake_server_test.go @@ -2270,7 +2270,7 @@ rootA, err := x509.ParseCertificate(rootDER) if err != nil { t.Fatalf("ParseCertificate: %v", err) } - rootDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey) + rootDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testRSA2048PrivateKey.PublicKey, testRSA2048PrivateKey) if err != nil { t.Fatalf("CreateCertificate: %v", err) } @@ -2286,7 +2286,11 @@ NotBefore: now.Add(-time.Hour * 24), NotAfter: now.Add(time.Hour * 24), KeyUsage: x509.KeyUsageDigitalSignature, } - certDER, err := x509.CreateCertificate(rand.Reader, tmpl, rootA, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey) + certA, err := x509.CreateCertificate(rand.Reader, tmpl, rootA, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey) + if err != nil { + t.Fatalf("CreateCertificate: %v", err) + } + certB, err := x509.CreateCertificate(rand.Reader, tmpl, rootB, &testECDSAPrivateKey.PublicKey, testRSA2048PrivateKey) if err != nil { t.Fatalf("CreateCertificate: %v", err) } @@ -2294,7 +2298,7 @@ serverConfig := testConfig.Clone() serverConfig.MaxVersion = version serverConfig.Certificates = []Certificate{{ - Certificate: [][]byte{certDER}, + Certificate: [][]byte{certA}, PrivateKey: testECDSAPrivateKey, }} serverConfig.Time = func() time.Time { @@ -2319,7 +2323,7 @@ clientConfig := testConfig.Clone() clientConfig.MaxVersion = version clientConfig.Certificates = []Certificate{{ - Certificate: [][]byte{certDER}, + Certificate: [][]byte{certA}, PrivateKey: testECDSAPrivateKey, }} clientConfig.ClientSessionCache = NewLRUClientSessionCache(32) @@ -2347,6 +2351,8 @@ } testResume(t, serverConfig, clientConfig, false) testResume(t, serverConfig, clientConfig, true) + + clientConfig.Certificates[0].Certificate = [][]byte{certB} // Cause GetConfigForClient to return a config cloned from the base config, // but with a different ClientCAs pool. This should cause resumption to fail. @@ -2382,7 +2388,7 @@ rootA, err := x509.ParseCertificate(rootDER) if err != nil { t.Fatalf("ParseCertificate: %v", err) } - rootDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey) + rootDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testRSA2048PrivateKey.PublicKey, testRSA2048PrivateKey) if err != nil { t.Fatalf("CreateCertificate: %v", err) } @@ -2398,7 +2404,11 @@ NotBefore: now.Add(-time.Hour * 24), NotAfter: now.Add(time.Hour * 24), KeyUsage: x509.KeyUsageDigitalSignature, } - certDER, err := x509.CreateCertificate(rand.Reader, tmpl, rootA, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey) + certA, err := x509.CreateCertificate(rand.Reader, tmpl, rootA, &testECDSAPrivateKey.PublicKey, testECDSAPrivateKey) + if err != nil { + t.Fatalf("CreateCertificate: %v", err) + } + certB, err := x509.CreateCertificate(rand.Reader, tmpl, rootB, &testECDSAPrivateKey.PublicKey, testRSA2048PrivateKey) if err != nil { t.Fatalf("CreateCertificate: %v", err) } @@ -2406,7 +2416,7 @@ serverConfig := testConfig.Clone() serverConfig.MaxVersion = version serverConfig.Certificates = []Certificate{{ - Certificate: [][]byte{certDER}, + Certificate: [][]byte{certA}, PrivateKey: testECDSAPrivateKey, }} serverConfig.Time = func() time.Time { @@ -2421,7 +2431,7 @@ clientConfig := testConfig.Clone() clientConfig.MaxVersion = version clientConfig.Certificates = []Certificate{{ - Certificate: [][]byte{certDER}, + Certificate: [][]byte{certA}, PrivateKey: testECDSAPrivateKey, }} clientConfig.ClientSessionCache = NewLRUClientSessionCache(32) @@ -2453,6 +2463,8 @@ clientConfig = clientConfig.Clone() clientConfig.RootCAs = x509.NewCertPool() clientConfig.RootCAs.AddCert(rootB) + + serverConfig.Certificates[0].Certificate = [][]byte{certB} testResume(t, serverConfig, clientConfig, false) testResume(t, serverConfig, clientConfig, true) diff --git a/src/crypto/tls/tls_test.go b/src/crypto/tls/tls_test.go index bfcc62ccfb8ba0698eaefff628a4c1936698bb34..40817a2378b3e727741caa689664c4e8a3f00f2a 100644 --- a/src/crypto/tls/tls_test.go +++ b/src/crypto/tls/tls_test.go @@ -572,6 +572,41 @@ t.Fatalf("verify www.google.com succeeded with InsecureSkipVerify=true") } } +func TestRealResumption(t *testing.T) { + testenv.MustHaveExternalNetwork(t) + + config := &Config{ + ServerName: "yahoo.com", + ClientSessionCache: NewLRUClientSessionCache(0), + } + + for range 10 { + conn, err := Dial("tcp", "yahoo.com:443", config) + if err != nil { + t.Log("Dial error:", err) + continue + } + // Do a read to consume the NewSessionTicket messages. + fmt.Fprintf(conn, "GET / HTTP/1.1\r\nHost: yahoo.com\r\nConnection: close\r\n\r\n") + conn.Read(make([]byte, 4096)) + conn.Close() + + conn, err = Dial("tcp", "yahoo.com:443", config) + if err != nil { + t.Log("second Dial error:", err) + continue + } + state := conn.ConnectionState() + conn.Close() + + if state.DidResume { + return + } + } + + t.Fatal("no connection used session resumption") +} + func TestConnCloseBreakingWrite(t *testing.T) { ln := newLocalListener(t) defer ln.Close()