openssl: support session resume with TLS 1.3 #3271
Conversation
Session resumption information is not available immediately after a TLS 1.3 handshake. The client must wait until the server has sent a session ticket. Use OpenSSL's "new session" callback to get the session information and put it into curl's session cache. For TLS 1.3 sessions, this callback will be invoked after the server has sent a session ticket. The "new session" callback is invoked only if OpenSSL's session cache is enabled, so enable it and use the "external storage" mode which lets curl manage the contents of the session cache. A pointer to the connection data and the sockindex are now saved as "SSL extra data" to make them available to the callback. This approach also works for old SSL/TLS versions and old OpenSSL versions. Fixes curl#3202
|
I have tested the TLS 1.3 session resumption with OpenSSL 1.1.1 and BoringSSL (current master). I have also tested that the session resumption for older TLS versions still works with OpenSSL 0.9.7 (after applying #3266) and with LibreSSL 2.8.2. |
|
That's just great @mkauf! |
| */ | ||
| static int ossl_get_ssl_conn_index(void) | ||
| { | ||
| static int ssl_ex_data_conn_index = -1; |
There was a problem hiding this comment.
Will the use of static like this not make this function (possibly) fail when used threaded ?
There was a problem hiding this comment.
This function is called during the initialization by Curl_ossl_init(), which is called by curl_global_init(). It's documented that curl_global_init() is not thread-safe.
After initialization, the static variable is read-only, so it should work when used threaded.
| int sockindex_idx = ossl_get_ssl_sockindex_index(); | ||
|
|
||
| if(connectdata_idx < 0 || sockindex_idx < 0) | ||
| return res; |
There was a problem hiding this comment.
Maybe just return 0; here so that we don't need to check what 'res' contains?
|
|
||
| conn = (struct connectdata*) SSL_get_ex_data(ssl, connectdata_idx); | ||
| if(!conn) | ||
| return res; |
|
@bagder The BoringSSL autobuild https://curl.haxx.se/dev/log.cgi?id=20181122015322-7075 fails: This happens when curl is compiled with BoringSSL, but uses So I think the autobuild does not use BoringSSL correctly... this can probably be fixed by setting |
|
I was just about to write an issue for this, only finding this here in the closed PR as I was about to click save. Can you open an issue for this instead to keep us from not forgetting this? |
|
@danielgustafsson The configurations of the autobuilds are managed by individual developrs, they are not part of curl's source code. So creating an issue doesn't help. @bagder can you please (try to) fix the BoringSSL autobuild? The autobuild compiles with BoringSSL but uses OpenSSL at runtime. |
|
Thanks @mkauf, I've now updated my BoringSSL build script to set the |
|
I've just bumped into this; Is there an s_client test for it? |
Session resumption information is not available immediately after a TLS 1.3
handshake. The client must wait until the server has sent a session ticket.
Use OpenSSL's "new session" callback to get the session information and put it
into curl's session cache. For TLS 1.3 sessions, this callback will be invoked
after the server has sent a session ticket.
The "new session" callback is invoked only if OpenSSL's session cache is
enabled, so enable it and use the "external storage" mode which lets curl manage
the contents of the session cache.
A pointer to the connection data and the sockindex are now saved as "SSL extra
data" to make them available to the callback.
This approach also works for old SSL/TLS versions and old OpenSSL versions.
Fixes #3202