TLS logging for session resumption 1.3

[rtkrruvinskiy]

We assume session resumption has occurred if the Client Hello message included
a session id, we have not seen the server certificate, but we have seen a
Change Cipher Spec message from the server.

Previously, these transactions were not logged at all because the server cert
was never seen.

https://redmine.openinfosecfoundation.org/issues/1969

Replaces #2555

[inliniac]

@thus I'll consider this once you sign off on it

[thus]

Prscript:

• PR thus-pcap: https://buildbot.openinfosecfoundation.org/builders/thus-pcap/builds/105
• PR thus: https://buildbot.openinfosecfoundation.org/builders/thus/builds/105

[thus]

@inliniac: It looks good to me.

[inliniac]

I missed this previously: as a EVE option is added we'll need an update to the docs as well.

[inliniac]

https://github.com/inliniac/suricata/blob/master/doc/userguide/output/eve/eve-json-format.rst should be updated, but it should probably wait until https://github.com/inliniac/suricata/pull/2568/files#diff-7823d9d82df45a9858e8925a6259022e is merged (or a newer version of it)

[inliniac]

https://github.com/inliniac/suricata/blob/master/doc/userguide/configuration/suricata-yaml.rst#eve-extensible-event-format as well

[rtkrruvinskiy]

@inliniac To clarify, should I resubmit this PR with the requested doc updates?

[inliniac]

On 20-02-17 19:26, Ray Ruvinskiy wrote: @inliniac <https://github.com/inliniac> To clarify, should I resubmit this PR with the requested doc updates?

Yes please! Thanks!

[rtkrruvinskiy]

Per your suggestion, I'll resubmit after #2580 or its successor is merged. Thanks!

[rtkrruvinskiy]

Replaced by #2602