obfuscated_ticket_age must also be reset when comparing. Thanks to Eric Rescorla for catching this. Change-Id: Id0a024d7f705519cfe76d350e0ef2688dbd11a22 Reviewed-on: https://boringssl-review.googlesource.com/12303 Reviewed-by: Nick Harper <nharper@chromium.org> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: ea80f9d5df4c302de391e999395e1c87f9c786b3 [log] [tgz]
author: David Benjamin <davidben@google.com> Tue Nov 15 18:19:55 2016 +0900
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Tue Nov 15 21:56:03 2016 +0000
tree: 0b23af84e2f3b44c46846468f4f615a48ed6af29
parent: 75f9914e1783ea0ef0191434e4aa00ae5abde4be [diff] [blame]
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 738668d..57879f9 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go

@@ -637,6 +637,15 @@
 			}
 			newClientHelloCopy.tls13Cookie = nil
 		}
+
+		// PSK binders and obfuscated ticket age are both updated in the
+		// second ClientHello.
+		if len(oldClientHelloCopy.pskIdentities) != len(newClientHelloCopy.pskIdentities) {
+			return errors.New("tls: PSK identity count from old and new ClientHello do not match")
+		}
+		for i, identity := range oldClientHelloCopy.pskIdentities {
+			newClientHelloCopy.pskIdentities[i].obfuscatedTicketAge = identity.obfuscatedTicketAge
+		}
 		newClientHelloCopy.pskBinders = oldClientHelloCopy.pskBinders
 
 		if !oldClientHelloCopy.equal(&newClientHelloCopy) {
commit	ea80f9d5df4c302de391e999395e1c87f9c786b3	[log] [tgz]
author	David Benjamin <davidben@google.com>	Tue Nov 15 18:19:55 2016 +0900
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Tue Nov 15 21:56:03 2016 +0000
tree	0b23af84e2f3b44c46846468f4f615a48ed6af29
parent	75f9914e1783ea0ef0191434e4aa00ae5abde4be [diff] [blame]