crypto/tls: VerifyConnection is called twice by tls 1.3 servers if connection is resumed #39012
When using session resumption on a TLS 1.3 server with VerifyConnection set it will be called twice when a session is resumed. This looks like it's happening because it gets called once in `checkForResumption`, which calls `processCertsFromClient`, and then again when `readClientCertificate` calls `VerifyConnection` if ClientAuth is set to ignore client certs (also because PSK resumption). This appears to work as expected in 1.2.

It seems like perhaps `VerifyConnection` should be decoupled from `processCertsFromClient` and handled somewhere else in `handshake`? (I don't have any concrete suggestion of where would be better though.)

Minimal(ish) repro:
cc @FiloSottile @katiehockman
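Added example, not the reporter's repro and not code from the Go project: a self-contained check that counts server-side `VerifyConnection` calls across one full and one resumed TLS 1.3 handshake, so a callback with side effects (audit logging, counters) can be validated against the Go release in use. The function name `CountVerifyCalls`, the `example.test` certificate and the loopback listener are assumptions made for this example; a total of 2 means one call per handshake, while 3 corresponds to the double call on resumption reported above.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"sync/atomic"
	"time"
)

// CountVerifyCalls runs a full then a resumed TLS 1.3 handshake and counts server-side VerifyConnection calls.
func CountVerifyCalls() (calls int, resumed bool, err error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // constructed throwaway identity
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	var n int32
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{MinVersion: tls.VersionTLS13,
		Certificates:     []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		VerifyConnection: func(tls.ConnectionState) error { atomic.AddInt32(&n, 1); return nil }})
	if err != nil {
		return 0, false, err
	}
	defer ln.Close()
	cli := &tls.Config{RootCAs: pool, ServerName: "example.test", ClientSessionCache: tls.NewLRUClientSessionCache(4)}
	for i := 0; i < 2; i++ {
		go func() { // serve exactly one connection per dial
			if c, err := ln.Accept(); err == nil {
				c.Write([]byte("ok")) // forces the server handshake; the ticket precedes this data
				c.Close()
			}
		}()
		c, err := tls.Dial("tcp", ln.Addr().String(), cli)
		if err != nil {
			return 0, false, err
		}
		c.Read(make([]byte, 2)) // reading lets the client process and cache the session ticket
		resumed = c.ConnectionState().DidResume
		c.Close()
	}
	return int(atomic.LoadInt32(&n)), resumed, nil
}

func main() { fmt.Println(CountVerifyCalls()) }
```

The `resumed` result confirms that the second handshake really used the cached session; without it the call count says nothing about resumption.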