author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2020-01-27 14:11:08 +0100 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2020-01-29 19:38:43 +0100 |
commit | b36b7abb40f04f265c0453a2f4beb466ed462976 (patch) | |
tree | 2353834692f75f65c9dfdace5dbe83f205bfe783 /src/network/ssl/qsslsocket_openssl_symbols_p.h | |
parent | 33c9a1e0bcf9c7ced67d5ec62225d6295671d33b (diff) |
Implement/fix session resumption with TLS 1.3
The session we cache at the end of a handshake is non-resumable
in TLS 1.3, since NewSessionTicket message appears quite some time
after the handshake was complete. OpenSSL has a callback where
we can finally obtain a resumable session and inform an application
about the session ticket being updated by emitting a signal. Truism: OpenSSL-only.
[ChangeLog][QtNetwork] A new signal was introduced to report when a valid session ticket is received (TLS 1.3)
Fixes: QTBUG-81591
Change-Id: I4d22fad5cc082e431577e20ddbda2835e864b511
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Diffstat (limited to 'src/network/ssl/qsslsocket_openssl_symbols_p.h')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl_symbols_p.h | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h index baf1a43113..f35e0ba22b 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols_p.h +++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h @@ -224,7 +224,6 @@ QT_BEGIN_NAMESPACE // To reduce the amount of the change, I'm directly copying and pasting the // content of the header here. Later, can be better sorted/split into groups, // depending on the functionality. -//#include "qsslsocket_openssl11_symbols_p.h" const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x); @@ -287,6 +286,23 @@ unsigned long q_SSL_set_options(SSL *s, unsigned long op); #ifdef TLS1_3_VERSION int q_SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); + +// The functions below do not really have to be ifdefed like this, but for now +// they only used in TLS 1.3 handshake (and probably future versions). +// Plus, 'is resumalbe' is OpenSSL 1.1.1-only (and again we need it for +// TLS 1.3-specific session management). + +extern "C" +{ +using NewSessionCallback = int (*)(SSL *, SSL_SESSION *); +} + +void q_SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, NewSessionCallback cb); +int q_SSL_SESSION_is_resumable(const SSL_SESSION *s); + +#define q_SSL_CTX_set_session_cache_mode(ctx,m) \ + q_SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) + #endif #if QT_CONFIG(dtls) |
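Review bot: in the first hunk (@@ -224,7 +224,6), removing the commented-out `//#include "qsslsocket_openssl11_symbols_p.h"` leaves the comment above it ("I'm directly copying and pasting the content of the header here") with no indication of which header it means. Either name qsslsocket_openssl11_symbols_p.h in that comment or drop the comment together with the include. The cleanup is also unrelated to session resumption and would be easier to track as a separate commit.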
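Review bot: in the second hunk (@@ -287,6 +286,23), the `NewSessionCallback` alias is declared without any comment on what its `int` return value means or who owns the `SSL_SESSION *` passed to the callback, so a reader of this header cannot tell whether the callback is expected to keep or release the session. State that contract next to the alias. The added comment also has two slips: "they only used" should read "they are only used", and "'is resumalbe'" should read "'is resumable'". That comment says the declarations do not have to sit under `#ifdef TLS1_3_VERSION` while `q_SSL_SESSION_is_resumable` is "OpenSSL 1.1.1-only", so it would help to say which condition actually guarantees the symbol resolves. Minor: parenthesize `ctx` and `m` in the body of the `q_SSL_CTX_set_session_cache_mode` macro.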