author | Roland Shoemaker <rolandshoemaker@gmail.com> | 2020-05-15 12:49:04 -0700 |
---|---|---|
committer | Filippo Valsorda <filippo@golang.org> | 2020-06-09 23:24:08 +0000 |
commit | 7b872b6d955d3e749ea62dbfced68ab5c61eae91 (patch) | |
tree | 0ec8ecb24dd9a398564f620a689043517bab17c0 /doc | |
parent | c4f77b11df3ab8c3a717ef7f57f957c491d57c8e (diff) | |
download | go-7b872b6d955d3e749ea62dbfced68ab5c61eae91.tar.gz go-7b872b6d955d3e749ea62dbfced68ab5c61eae91.zip |
crypto/tls: restore OCSP and SCTs during session resumption

Restore previously sent SCTs and stapled OCSP response during session
resumption for both TLS 1.2 and 1.3. This behavior is somewhat
complicated for TLS 1.2 as SCTs are sent during the server hello,
so they override what is saved in ClientSessionState. It is likely
that if the server is sending a different set of SCTs there is probably
a reason for doing so, such as a log being retired, or SCT validation
requirements changing, so it makes sense to defer to the server in
that case.

Fixes #39075

Change-Id: I3c0fa2f69c6bf0247a447c48a1b4c733a882a233
Reviewed-on: https://go-review.googlesource.com/c/go/+/234237
Reviewed-by: Filippo Valsorda <filippo@golang.org>

Diffstat (limited to 'doc')
-rw-r--r-- | doc/go1.15.html | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/go1.15.html b/doc/go1.15.html index 50f4fea5bc..ffe9d26dc7 100644 --- a/doc/go1.15.html +++ b/doc/go1.15.html @@ -478,6 +478,12 @@ Do not send CLs removing the interior tags from such phrases. <a href="/pkg/crypto/tls/#ClientAuthType"><code>ClientAuthType</code></a> now implement <a href="/pkg/fmt/#Stringer"><code>fmt.Stringer</code></a>. </p> + + <p><!-- CL 236737 --> + The <a href="/pkg/crypto/tls/#ConnectionState"><code>ConnectionState</code></a> + fields <code>OCSPResponse</code> and <code>SignedCertificateTimestamps</code> + are now repopulated on client-side resumed connections. + </p> </dd> </dl><!-- crypto/tls --> |
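
Review bot: the CL number in the added comment, `<!-- CL 236737 -->`, does not match the change this commit was reviewed as (the Reviewed-on trailer points at go/+/234237), so it should be checked and, if it is meant to reference this change, corrected to CL 234237. The added sentence also leaves out the TLS 1.2 behavior the commit message describes, where SCTs sent in the server hello override what is saved in ClientSessionState; a short clause saying that `SignedCertificateTimestamps` on a resumed TLS 1.2 connection may hold the newly sent SCTs rather than the saved ones would keep callers from assuming the field always reflects the original handshake.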