Experiment with SSL session resume

This writes the SSL session as PEM to /tmp/mysql_sess.pem
and it restores the session from the same file.

To inspect the session file:
openssl sess_id -in /tmp/mysql_sess.pem -noout -text

The result is that Ssl_sessions_reused will be set to 1.
show session status like 'Ssl_sessions_reused';

And with tcpdump/wireshark you can see that the client sends
a SessionTicket TLS (filter: ssl.handshake.extension.type == 0x0023)

See also:
dveeden committed May 5, 2015
1 parent 09ddec8 commit c55c561d4ed9843796d12c504850374d1a811030
Showing with 17 additions and 0 deletions.
  1. +17 −0 vio/viossl.c
@@ -376,6 +376,9 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
int r;
SSL *ssl;
SSL_SESSION *sslses;
FILE *fd;
struct stat sb;
my_socket sd= mysql_socket_getfd(vio->mysql_socket);
DBUG_PRINT("enter", ("ptr: 0x%lx, sd: %d ctx: 0x%lx",
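Review bot: `FILE *fd` in the new declarations names a stdio stream as if it were a file descriptor, right next to `my_socket sd`, which is the actual socket descriptor in this function; rename it to something like `sess_fp` so the two cannot be confused. `sslses` and `fd` are also declared without initialisers; setting both to NULL at declaration would let later code test whether the file was opened and the session was loaded before using or releasing them.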
@@ -409,13 +412,27 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout,
yaSSL_transport_set_send_function(ssl, yassl_send);
if (stat("/tmp/mysql_sess.pem", &sb) != -1) {
fd = fopen("/tmp/mysql_sess.pem","r");
sslses = PEM_read_SSL_SESSION(fd,NULL,0,NULL);
SSL_set_session(ssl, sslses);
if ((r= ssl_handshake_loop(vio, ssl, func, ssl_errno_holder)) < 1)
DBUG_PRINT("error", ("SSL_connect/accept failure"));
fd = fopen("/tmp/mysql_sess.pem", "w");
DBUG_PRINT("info",("Writing SSL Session to /tmp/mysql_sess.pem"));
sslses = SSL_get_session(ssl);
PEM_write_SSL_SESSION(fd, sslses);
Connection succeeded. Install new function handlers,
change type, set sd to the fd used when connecting
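Review bot: Neither `fopen("/tmp/mysql_sess.pem","r")` nor `PEM_read_SSL_SESSION(fd,NULL,0,NULL)` has its return value checked in the restore path, so a file that exists but cannot be opened passes a NULL stream to the PEM reader, and an unparsable file passes a NULL session to `SSL_set_session`; check both and skip the resume attempt on failure. The same applies to the `fopen(..., "w")` before `PEM_write_SSL_SESSION`, and no `fclose` is visible for either stream. `SSL_set_session` takes its own reference, so the session returned by `PEM_read_SSL_SESSION` should be released with `SSL_SESSION_free` afterwards. The serialized session contains the master secret, and the hunk stores it at a fixed name in a shared directory with whatever mode the umask yields, after a `stat` followed by a separate `fopen`: another local user can read the file or place their own at that path between the check and the open. Even for an experiment, use a per-user location, create the file with mode 0600 via `open` with `O_CREAT|O_EXCL|O_NOFOLLOW` and `fdopen`, and drop the `stat` in favour of handling the open failure. As the lines appear here, the write also seems to follow the `SSL_connect/accept failure` branch unconditionally; the session should only be written when `ssl_handshake_loop` succeeded.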
