vtls: compare and clone ssl configs properly

[mkauf]

Compare these settings in Curl_ssl_config_matches():

• verifystatus (CURLOPT_SSL_VERIFYSTATUS)
• sessionid (CURLOPT_SSL_SESSIONID_CACHE)
• random_file (CURLOPT_RANDOM_FILE)
• egdsocket (CURLOPT_EGDSOCKET)

Also copy the setting "verifystatus" in Curl_clone_primary_ssl_config(),
and copy the setting "sessionid" unconditionally.

This means that reusing connections that are secured with a client
certificate is now possible, and the statement "TLS session resumption
is disabled when a client certificate is used" in the old advisory at
https://curl.haxx.se/docs/adv_20170419.html is obsolete.

---

Additional information:

If you (the reviewers) agree, reusing connections that are secured with a client certificate is now officially possible. It was also possible before because of a bug. I think that it's OK to resume the TLS session if all the TLS settings (including the client certificate) are the same.

I have asked the curl security team whether it's OK to post this as a normal pull request, and they agreed.

These old advisories state that TLS session resumption is disabled when a client certificate is used:

• https://curl.haxx.se/docs/adv_20160803A.html
• https://curl.haxx.se/docs/adv_20170419.html

... but that's not true. I have tested with curl 7.55.1:

curl -v -k --cert /path/to/cert.pem --key /path/to/key.pem -H "Connection: close" https://localhost/1 https://localhost/2

Output:

* Closing connection 0
...
* SSL re-using session ID
...
* Closing connection 1

Source code analysis:

There's this code in Curl_clone_primary_ssl_config(), vtls.c:

dest->sessionid = (dest->clientcert ? false : source->sessionid);

This sets the "sessionid" flag in the connection object (struct connectdata). But the code that checks whether TLS session resumption is possible does not look at the connection, it looks at the easy handle (struct Curl_easy).

In Curl_ssl_getsessionid():

  if(!SSL_SET_OPTION(primary.sessionid))
    /* session ID re-use is disabled */
    return TRUE;

In ossl_connect_step1():

  /* Check if there's a cached ID we can/should use here! */
  if(SSL_SET_OPTION(primary.sessionid)) {

This pull request cleans things up and allows reusing connections that are secured with a client certificate.

[bagder]

What's the argument to require the same random file and egdsocket settings? They're used to seed the PRNG so I don't see how they disqualify reuse if set to different values for different connections. (although I suspect both of them are very rarely used so in reality this change will hardly affect any users)

[mkauf]

Interesting point... I think that the security of the SSL encryption depends on these settings. For example, if easy handle A does not use an EGD socket, but easy handle B does (for "extra security"), then A's connection should not be reused for B, because the security properties differ. (the other way round may be OK... it depends on the quality of the EGD)

I don't know whether Curl_ssl_config_matches should compare every ssl setting, or whether it should be written with a focus on connection reuse (maybe the function name should be changed in this case).

If we focus on connection reuse, it's probably also not necessary (or even a bad idea) to compare the sessionid flag.

[mkauf]

If we focus on connection reuse, it's probably also not necessary (or even a bad idea) to compare the sessionid flag.

To address this, I have added a second commit: sessionid is not compared anymore.

[mkauf]

@bagder Thanks a lot for reviewing!