Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
crypto/tls: cleanup handshake state #39406
Fixes golang#39406 When use checkForResumption() function it could be side-effect sometime. 1. hs.sessionState will be changed and retained although the function return false. 2. hs.suite will be changed and retained when the statements below return false. So we should use a local variable, cilentSessionState, to replace hs.sessionState in the function. And move the set-suite statements down to avoid being changed too early.
Updates golang#39406 The process of checking server's cipher suites now is based on the logical relationship following: If the cipherSuite supports ECDHE,judge hs.ecdheOK ,then judge ecSignOK and rsaSignOk to check signer; if not supports, judge rsaOK. Then check if the suite needs tls1.2 version. This relationship is complicated, Fragile and hard to modify.Besides, it need 4 bool parameters in hs and a lot of "if...else" statements in cipherSuiteOk() function. So we can use one parameter, cipherSuite, to replace those 4 in hs.Then we just need two bit operations in cipherSuiteOK() instead of many "if...else"s.What we need to do is completing the const and cipherSuites list in cipher_suites.go(They are partially omitted based on logical relationship, which is not plain at all.)