From 989cf77b4e70bdb79b28271dc7f9394e59a48ddf Mon Sep 17 00:00:00 2001 From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com> Date: Sat, 10 May 2025 23:12:35 -0400 Subject: [PATCH] crypto/tls: add missing RUnlock in ticketKeys If GetConfigForClient returns a tls.Config that has SessionTicketsDisabled set, the TLS server handshake currently leaves the Config's internal RWMutex read locked after calculating the ticketKeys to use for the handshake. Change-Id: I07e450a0d2edda9e80f51fc2c20af633aa271684 GitHub-Last-Rev: 693d7ac GitHub-Pull-Request: #68607 Reviewed-on: https://go-review.googlesource.com/c/go/+/601335 LUCI-TryBot-Result: Go LUCI Reviewed-by: Sean Liao Reviewed-by: Cherry Mui Auto-Submit: Sean Liao Reviewed-by: Roland Shoemaker --- common.go | 1 + 1 file changed, 1 insertion(+) diff --git a/common.go b/common.go index 6e224b5..f8243f1 100644 --- a/common.go +++ b/common.go @@ -1039,6 +1039,7 @@ func (c *Config) ticketKeys(configForClient *Config) []ticketKey { if configForClient != nil { configForClient.mutex.RLock() if configForClient.SessionTicketsDisabled { + configForClient.mutex.RUnlock() return nil } configForClient.initLegacySessionTicketKeyRLocked()