// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package tls

var _ = &Config{WrapSession: (&Config{}).EncryptTicket}

	//           };
	//       };
	//   } SessionState;
	//

	// Extra is ignored by crypto/tls, but is encoded by [SessionState.Bytes]
	// and parsed by [ParseSessionState].
	//
	// This allows [Config.UnwrapSession]/[Config.WrapSession] and
	// [ClientSessionCache] implementations to store and retrieve additional
	// data alongside this session.
	//
	// To allow different layers in a protocol stack to share this field,

	// session resumption. It is only used by clients.
	ClientSessionCache ClientSessionCache

	// UnwrapSession is called on the server to turn a ticket/identity
	// previously produced by [WrapSession] into a usable session.
	//
	// UnwrapSession will usually either decrypt a session state in the ticket
	// (for example with [Config.EncryptTicket]), or use the ticket as a handle

func (hs *serverHandshakeState) checkForResumption() error {
	c := hs.c

	if c.config.SessionTicketsDisabled {
		return nil
	}

	var sessionState *SessionState
	if c.config.UnwrapSession != nil {
		ss, err := c.config.UnwrapSession(hs.clientHello.sessionTicket, c.connectionStateLocked())
		if err != nil {
			return err
		}
		if ss == nil {
			return nil
		}
		sessionState = ss
	} else {

	}

	for i, identity := range hs.clientHello.pskIdentities {
		if i >= maxClientPSKIdentities {
			break
		}

		var sessionState *SessionState
		if c.config.UnwrapSession != nil {
			var err error
			sessionState, err = c.config.UnwrapSession(identity.label, c.connectionStateLocked())
			if err != nil {
				return err
			}
			if sessionState == nil {
				continue
			}
		} else {

			called |= 1 << 4
			return nil
		},
		VerifyConnection: func(ConnectionState) error {
			called |= 1 << 5
			return nil
		},
		UnwrapSession: func(identity []byte, cs ConnectionState) (*SessionState, error) {
			called |= 1 << 6
			return nil, nil
		},
		WrapSession: func(cs ConnectionState, ss *SessionState) ([]byte, error) {
			called |= 1 << 7

pkg crypto/tls, method (QUICEncryptionLevel) String() string #44886
pkg crypto/tls, method (*SessionState) Bytes() ([]uint8, error) #60105
pkg crypto/tls, type AlertError uint8 #44886
pkg crypto/tls, type Config struct, UnwrapSession func([]uint8, ConnectionState) (*SessionState, error) #60105
pkg crypto/tls, type Config struct, WrapSession func(ConnectionState, *SessionState) ([]uint8, error) #60105
pkg crypto/tls, type QUICConfig struct #44886

		{"Config.RootCAs", Field, 0},
		{"Config.ServerName", Field, 0},
		{"Config.SessionTicketKey", Field, 1},
		{"Config.SessionTicketsDisabled", Field, 1},
		{"Config.Time", Field, 0},
		{"Config.UnwrapSession", Field, 21},
		{"Config.VerifyConnection", Field, 15},
		{"Config.VerifyPeerCertificate", Field, 8},
		{"Config.WrapSession", Field, 21},
		{"Conn", Type, 0},
		{"ConnectionState", Type, 0},