()
| 543 | } |
| 544 | |
| 545 | func (hs *serverHandshakeState) doResumeHandshake() error { |
| 546 | c := hs.c |
| 547 | |
| 548 | hs.hello.cipherSuite = hs.suite.id |
| 549 | c.cipherSuite = hs.suite.id |
| 550 | // We echo the client's session ID in the ServerHello to let it know |
| 551 | // that we're doing a resumption. |
| 552 | hs.hello.sessionId = hs.clientHello.sessionId |
| 553 | // We always send a new session ticket, even if it wraps the same master |
| 554 | // secret and it's potentially encrypted with the same key, to help the |
| 555 | // client avoid cross-connection tracking from a network observer. |
| 556 | hs.hello.ticketSupported = true |
| 557 | hs.finishedHash = newFinishedHash(c.vers, hs.suite) |
| 558 | hs.finishedHash.discardHandshakeBuffer() |
| 559 | if err := transcriptMsg(hs.clientHello, &hs.finishedHash); err != nil { |
| 560 | return err |
| 561 | } |
| 562 | if _, err := hs.c.writeHandshakeRecord(hs.hello, &hs.finishedHash); err != nil { |
| 563 | return err |
| 564 | } |
| 565 | |
| 566 | if c.config.VerifyConnection != nil { |
| 567 | if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil { |
| 568 | c.sendAlert(alertBadCertificate) |
| 569 | return err |
| 570 | } |
| 571 | } |
| 572 | |
| 573 | hs.masterSecret = hs.sessionState.secret |
| 574 | |
| 575 | return nil |
| 576 | } |
| 577 | |
| 578 | func (hs *serverHandshakeState) doFullHandshake() error { |
| 579 | c := hs.c |
no test coverage detected