crypto/tls: check if quic conn can send session ticket

On SendSessionTicket, returns nil if SessionTicketsDisabled is disabled in config.

Fixes #62032

Change-Id: Id0c89e2e6fb0805bbf108bb0cafdabdfbaf3897f
Reviewed-on: https://go-review.googlesource.com/c/go/+/528755
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Mark Freeman <markfreeman@google.com>

2 files changed, 15 insertions, 0 deletions

diff --git a/src/crypto/tls/quic.go b/src/crypto/tls/quic.go
index ba8a235d84..ed70100d11 100644
--- a/src/crypto/tls/quic.go
+++ b/src/crypto/tls/quic.go
@@ -302,6 +302,9 @@ type QUICSessionTicketOptions struct {
 // Currently, it can only be called once.
 func (q *QUICConn) SendSessionTicket(opts QUICSessionTicketOptions) error {
 	c := q.conn
+	if c.config.SessionTicketsDisabled {
+		return nil
+	}
 	if !c.isHandshakeComplete.Load() {
 		return quicError(errors.New("tls: SendSessionTicket called before handshake completed"))
 	}
diff --git a/src/crypto/tls/quic_test.go b/src/crypto/tls/quic_test.go
index 51cd4ef765..f6e8c55d9d 100644
--- a/src/crypto/tls/quic_test.go
+++ b/src/crypto/tls/quic_test.go
@@ -231,6 +231,18 @@ func TestQUICSessionResumption(t *testing.T) {
 	if !cli2.conn.ConnectionState().DidResume {
 		t.Errorf("second connection did not use session resumption")
 	}
+
+	clientConfig.TLSConfig.SessionTicketsDisabled = true
+	cli3 := newTestQUICClient(t, clientConfig)
+	cli3.conn.SetTransportParameters(nil)
+	srv3 := newTestQUICServer(t, serverConfig)
+	srv3.conn.SetTransportParameters(nil)
+	if err := runTestQUICConnection(context.Background(), cli3, srv3, nil); err != nil {
+		t.Fatalf("error during third connection handshake: %v", err)
+	}
+	if cli3.conn.ConnectionState().DidResume {
+		t.Errorf("third connection unexpectedly used session resumption")
+	}
 }
 
 func TestQUICFragmentaryData(t *testing.T) {