#9969 Expose SSL_session_reused. #9978
Conversation
|
This is read for review. Thanks! Maybe it needs a release note? |
|
I now see #8675 There are 2 things here: session cache vs session reuse. The server/client can have session cache disabled and still reuse the session. For example a session is initiated between server and client via connection A. The client can initiate a new connection B to the server and setup the connection B via |
| @@ -112,3 +112,16 @@ def test_rust_internal_error(self): | |||
| assert error.reason == b.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH | |||
| if not b.lib.CRYPTOGRAPHY_IS_BORINGSSL: | |||
| assert b"data not multiple of block length" in error.reason_text | |||
|
|
|||
| def test_ssl_session_reused_new(self): | |||
There was a problem hiding this comment.
No need for a test, we don't add them for all bindings.
There was a problem hiding this comment.
Is this a request to remove the test?
I think that a test can help with any accedental removal of the API.
It can also serve as an example on how to use the API.
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
|
Thanks Alex for the review. This should be ready for another review. I hope all is ok. I have removed the test. I was not expecting a request to submit a PR without tests. I don't understand why is bad to have that test. The test was kind a reminder that the binding in important and it should not be removed at the next "great purge". No hard feelings. I am happy to have the new API available with or without tests. Thanks for maintaining |
There was a problem hiding this comment.
The reason we don't add tests for bindings is that they're not actually testing anything about this project, except that we bound the function correctly -- but that's handled in other ways.
We'll know not to remove this because a) it'll be used in pyOpenSSL (which we test in CI), b) we check the commit history before removing something.
Fixes #9969
This (re)adds the
SSL_session_reusedAPI.I think that this API is criticial.
First, this complements the already supported
int SSL_set_session(SSL *, SSL_SESSION *);to allow you to verify that after the handshake the session was reused.Second, when implementing an FTPS server, this API is the only way to make sure you don't end up with hijacked FTP data connection.
I only added a simple tests to check that the API is there.
Let me know if more tests are required.
Thanks