
Fixes for #594

- Use correct TcpDialer with cached registration

- Fix TTL unit in config file

- Add missing parameters test case
Rod Hynes 5 years ago
parent
commit
466415b965

+ 5 - 0
psiphon/common/parameters/parameters_test.go

@@ -144,6 +144,11 @@ func TestGetDefaultParameters(t *testing.T) {
 			if !reflect.DeepEqual(v, g) {
 				t.Fatalf("RegexStrings returned %+v expected %+v", g, v)
 			}
+		case FrontingSpecs:
+			g := p.Get().FrontingSpecs(name)
+			if !reflect.DeepEqual(v, g) {
+				t.Fatalf("FrontingSpecs returned %+v expected %+v", g, v)
+			}
 		default:
 			t.Fatalf("Unhandled default type: %s", name)
 		}

+ 15 - 0
psiphon/common/refraction/refraction.go

@@ -372,6 +372,14 @@ func dial(
 		default:
 			return nil, errors.Tracef("invalid Conjure transport: %s", conjureConfig.Transport)
 		}
+
+		if conjureCachedRegistration != nil {
+
+			// When using a cached registration, patch its TcpDialer to use the custom
+			// dialer for this dial. In the non-cached code path, gotapdance will set
+			// refractionDialer.TcpDialer into a new registration.
+			conjureCachedRegistration.TcpDialer = refractionDialer.TcpDialer
+		}
 	}
 
 	// If the dial context is cancelled, use dialManager to interrupt
@@ -424,6 +432,13 @@ func dial(
 		// conjureRecordRegistrar.registration will be nil there was no cached
 		// registration _and_ registration didn't succeed before a cancel.
 		if registration != nil {
+
+			// Do not retain a reference to the custom dialer, as its context will not
+			// be valid for future dials using this cached registration. Assumes that
+			// gotapdance will no longer reference the TcpDialer now that the
+			// connection is established.
+			registration.TcpDialer = nil
+
 			conjureRegistrationCache.put(
 				conjureConfig.RegistrationCacheTTL,
 				conjureConfig.RegistrationCacheKey,
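Review bot: The write `conjureCachedRegistration.TcpDialer = refractionDialer.TcpDialer` in the first hunk mutates an object taken from the registration cache, and no lock is visible in either hunk; if the cache can hand the same registration to two concurrent dials, this is a data race and one dial could end up using the other's dialer and context. The second hunk's `registration.TcpDialer = nil` rests on the assumption stated in its own comment, so if gotapdance still invokes the dialer after the connection is established, the call would panic on a nil value. I would record the ownership rule where the field is patched, e.g. `// The cache must hand a registration to at most one dial at a time; TcpDialer is written without synchronization.`, and confirm the gotapdance behaviour against the vendored version. Both hunks sit inside dial, whose body starts and ends outside them.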

+ 1 - 1
psiphon/config.go

@@ -1628,7 +1628,7 @@ func (config *Config) makeConfigParameters() map[string]interface{} {
 	}
 
 	if config.ConjureCachedRegistrationTTLSeconds != nil {
-		applyParameters[parameters.ConjureCachedRegistrationTTL] = fmt.Sprintf("%dms", *config.ConjureCachedRegistrationTTLSeconds)
+		applyParameters[parameters.ConjureCachedRegistrationTTL] = fmt.Sprintf("%ds", *config.ConjureCachedRegistrationTTLSeconds)
 	}
 
 	if config.ConjureAPIRegistrarURL != "" {
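Review bot: Nothing in this commit pins the unit conversion corrected on the `fmt.Sprintf("%ds", ...)` line, so a regression to `ms` would again shrink the cached-registration TTL by a factor of 1000 without failing any test. A small test that sets ConjureCachedRegistrationTTLSeconds and asserts that the applied ConjureCachedRegistrationTTL parameter equals that many seconds would cover it. A negative value also passes through Sprintf unchanged; whether later parameter validation rejects it is not visible here. makeConfigParameters starts and ends outside the hunk.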

+ 1 - 7
psiphon/tunnel.go

@@ -809,7 +809,7 @@ func dialTunnel(
 		// will be assigned the original public IP on network A; so there's some
 		// chance the registration cannot be reused.
 
-		cacheKey := dialParams.NetworkID + dialParams.ServerEntry.IpAddress
+		cacheKey := dialParams.NetworkID + "-" + dialParams.ServerEntry.IpAddress
 
 		conjureConfig := &refraction.ConjureConfig{
 			RegistrationCacheTTL: dialParams.ConjureCachedRegistrationTTL,
@@ -954,12 +954,6 @@ func dialTunnel(
 		return nil, errors.Trace(err)
 	}
 	sshCertChecker := &ssh.CertChecker{
-		IsHostAuthority: func(auth ssh.PublicKey, address string) bool {
-			// Psiphon servers do not currently use SSH certificates. This CertChecker
-			// code path may still be hit if a client attempts to connect using an
-			// obsolete server entry.
-			return false
-		},
 		HostKeyFallback: func(addr string, remote net.Addr, publicKey ssh.PublicKey) error {
 			if !bytes.Equal(expectedPublicKey, publicKey.Marshal()) {
 				return errors.TraceNew("unexpected host public key")