Skip to content

v1.5.0 Post-Quantum and Session Resumption
Compare
Choose a tag to compare
@gaukas gaukas released this 27 Aug 19:06
· 265 commits to master since this release
v1.5.0
This tag was signed with the committer’s verified signature.
gaukas Gaukas Wang
GPG key ID: 9E2F8986D76F8B5D
Learn about vigilant mode.
8094658
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

What's Changed

A big shout out to @3andne for spending time on major refactoring/revision in the Session Resumption for both TLS 1.2 (SessionTicket-based) and TLS 1.3 (PreSharedKey-based)!

New API

type ISessionTicketExtension interface {
	TLSExtension

	// If false is returned, utls will invoke `InitializeByUtls()` for the necessary initialization.
	Initializable

	// InitializeByUtls is invoked when IsInitialized() returns false.
	// It initializes the extension using a real and valid TLS 1.2 session.
	InitializeByUtls(session *SessionState, ticket []byte)

	GetSession() *SessionState

	GetTicket() []byte
}

// SetSessionTicket sets the session ticket extension.
// If extension is nil, this will be a no-op.
func (uconn *UConn) SetSessionTicketExtension(sessionTicketExt ISessionTicketExtension)

type PreSharedKeyExtension interface {
	// TLSExtension must be implemented by all PreSharedKeyExtension implementations.
	TLSExtension

	// If false is returned, utls will invoke `InitializeByUtls()` for the necessary initialization.
	Initializable

	SetOmitEmptyPsk(val bool)

	// InitializeByUtls is invoked when IsInitialized() returns false.
	// It initializes the extension using a real and valid TLS 1.3 session.
	InitializeByUtls(session *SessionState, earlySecret []byte, binderKey []byte, identities []PskIdentity)

	// GetPreSharedKeyCommon retrieves the final PreSharedKey-related states as defined in PreSharedKeyCommon.
	GetPreSharedKeyCommon() PreSharedKeyCommon

	// PatchBuiltHello is called once the hello message is fully applied and marshaled.
	// Its purpose is to update the binders of PSK (Pre-Shared Key) identities.
	PatchBuiltHello(hello *PubClientHelloMsg) error

	mustEmbedUnimplementedPreSharedKeyExtension() // this works like a type guard
}

// SetPskExtension sets the psk extension for tls 1.3 resumption. This is a no-op if the psk is nil.
func (uconn *UConn) SetPskExtension(pskExt PreSharedKeyExtension) error

Full Changelog: v1.4.3...v1.5.0

Contributors

gaukas, zeeker999, and 3andne
Assets 2
Loading