]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 4f9c343) | patch
crypto/tls: add verifiedChains expiration checking during resumption
authorRoland Shoemaker <roland@golang.org>
Mon, 26 Jan 2026 18:55:32 +0000 (10:55 -0800)
committerGopher Robot <gobot@golang.org>
Wed, 28 Jan 2026 16:13:28 +0000 (08:13 -0800)
commit133b339ca546937919ee3a8027f15470ebeb88b9
treec49d90807ce8bac22aecf5bd8c7764dcadc5b68ctree
parent4f9c3439a37314e63bdae7dad7abfded1647bed2commit | diff
crypto/tls: add verifiedChains expiration checking during resumption

When resuming a session, check that the verifiedChains contain at least
one chain that is still valid at the time of resumption. If not, trigger
a new handshake.

Updates #77113
Updates #77217
Updates CVE-2025-68121

Change-Id: I14f585c43da17802513cbdd5b10c552d7a38b34e
Reviewed-on: https://go-review.googlesource.com/c/go/+/739321
Reviewed-by: Coia Prant <coiaprant@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
src/crypto/tls/common.go diff | blob | history
src/crypto/tls/handshake_client.go diff | blob | history
src/crypto/tls/handshake_server.go diff | blob | history
src/crypto/tls/handshake_server_test.go diff | blob | history
src/crypto/tls/handshake_server_tls13.go diff | blob | history
Go GOST TLS 1.3