()
| 423 | } |
| 424 | |
| 425 | func (hs *serverHandshakeStateTLS13) checkForResumption() error { |
| 426 | c := hs.c |
| 427 | |
| 428 | if c.config.SessionTicketsDisabled { |
| 429 | return nil |
| 430 | } |
| 431 | |
| 432 | modeOK := false |
| 433 | for _, mode := range hs.clientHello.pskModes { |
| 434 | if mode == pskModeDHE { |
| 435 | modeOK = true |
| 436 | break |
| 437 | } |
| 438 | } |
| 439 | if !modeOK { |
| 440 | return nil |
| 441 | } |
| 442 | |
| 443 | if len(hs.clientHello.pskIdentities) != len(hs.clientHello.pskBinders) { |
| 444 | c.sendAlert(alertIllegalParameter) |
| 445 | return errors.New("tls: invalid or missing PSK binders") |
| 446 | } |
| 447 | if len(hs.clientHello.pskIdentities) == 0 { |
| 448 | return nil |
| 449 | } |
| 450 | |
| 451 | for i, identity := range hs.clientHello.pskIdentities { |
| 452 | if i >= maxClientPSKIdentities { |
| 453 | break |
| 454 | } |
| 455 | |
| 456 | var sessionState *SessionState |
| 457 | if c.config.UnwrapSession != nil { |
| 458 | var err error |
| 459 | sessionState, err = c.config.UnwrapSession(identity.label, c.connectionStateLocked()) |
| 460 | if err != nil { |
| 461 | return err |
| 462 | } |
| 463 | if sessionState == nil { |
| 464 | continue |
| 465 | } |
| 466 | } else { |
| 467 | plaintext := c.config.decryptTicket(identity.label, c.ticketKeys) |
| 468 | if plaintext == nil { |
| 469 | continue |
| 470 | } |
| 471 | var err error |
| 472 | sessionState, err = ParseSessionState(plaintext) |
| 473 | if err != nil { |
| 474 | continue |
| 475 | } |
| 476 | } |
| 477 | |
| 478 | if sessionState.version != VersionTLS13 { |
| 479 | continue |
| 480 | } |
| 481 | |
| 482 | createdAt := time.Unix(int64(sessionState.createdAt), 0) |
nothing calls this directly
no test coverage detected