QSslConfiguration: add API to persist and resume SSL sessions

Session tickets can be cached on the client side for hours (e.g.
graph.facebook.com: ~ 24 hours, api.twitter.com: 4 hours), because the
server does not need to maintain state.
We need public API for it so an application can cache the session (e.g.
to disk) and resume a session already with the 1st handshake, saving
one network round trip.

Task-number: QTBUG-20668
Change-Id: I10255932dcd528ee1231538cb72b52b97f9f4a3c
Reviewed-by: Richard J. Moore <rich@kde.org>

1 files changed, 59 insertions, 0 deletions

diff --git a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
index 97f9667140..81c3e48d61 100644
--- a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
+++ b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
@@ -367,6 +367,8 @@ private Q_SLOTS:
 #ifdef QT_BUILD_INTERNAL
     void sslSessionSharing_data();
     void sslSessionSharing();
+    void sslSessionSharingFromPersistentSession_data();
+    void sslSessionSharingFromPersistentSession();
 #endif
 #endif
 
@@ -5966,6 +5968,63 @@ void tst_QNetworkReply::sslSessionSharingHelperSlot()
     }
 }
 
+void tst_QNetworkReply::sslSessionSharingFromPersistentSession_data()
+{
+    QTest::addColumn<bool>("sessionPersistenceEnabled");
+    QTest::newRow("enabled") << true;
+    QTest::newRow("disabled") << false;
+}
+
+void tst_QNetworkReply::sslSessionSharingFromPersistentSession()
+{
+    QString urlString("https://" + QtNetworkSettings::serverName());
+
+    // warm up SSL session cache to get a working session
+    QNetworkRequest warmupRequest(urlString);
+    QFETCH(bool, sessionPersistenceEnabled);
+    if (sessionPersistenceEnabled) {
+        QSslConfiguration warmupConfiguration(QSslConfiguration::defaultConfiguration());
+        warmupConfiguration.setSslOption(QSsl::SslOptionDisableSessionPersistence, false);
+        warmupRequest.setSslConfiguration(warmupConfiguration);
+    }
+    QNetworkReply *warmupReply = manager.get(warmupRequest);
+    warmupReply->ignoreSslErrors();
+    connect(warmupReply, SIGNAL(finished()), &QTestEventLoop::instance(), SLOT(exitLoop()));
+    QTestEventLoop::instance().enterLoop(20);
+    QVERIFY(!QTestEventLoop::instance().timeout());
+    QCOMPARE(warmupReply->error(), QNetworkReply::NoError);
+    QByteArray sslSession = warmupReply->sslConfiguration().session();
+    QCOMPARE(!sslSession.isEmpty(), sessionPersistenceEnabled);
+
+    // test server sends a life time hint of 0, which is not common
+    // practice; however it is good enough because the default is -1
+    int expectedSessionTicketLifeTimeHint = sessionPersistenceEnabled ? 0 : -1;
+    QCOMPARE(warmupReply->sslConfiguration().sessionTicketLifeTimeHint(),
+             expectedSessionTicketLifeTimeHint);
+
+    warmupReply->deleteLater();
+
+    // now send another request with a new QNAM and the persisted session,
+    // to verify it can be resumed without any internal state
+    QNetworkRequest request(warmupRequest);
+    if (sessionPersistenceEnabled) {
+        QSslConfiguration configuration = request.sslConfiguration();
+        configuration.setSession(sslSession);
+        request.setSslConfiguration(configuration);
+    }
+    QNetworkAccessManager newManager;
+    QNetworkReply *reply = newManager.get(request);
+    reply->ignoreSslErrors();
+    connect(reply, SIGNAL(finished()), &QTestEventLoop::instance(), SLOT(exitLoop()));
+    QTestEventLoop::instance().enterLoop(20);
+    QVERIFY(!QTestEventLoop::instance().timeout());
+    QCOMPARE(reply->error(), QNetworkReply::NoError);
+
+    bool sslSessionSharingWasUsedInReply = QSslConfigurationPrivate::peerSessionWasShared(
+                reply->sslConfiguration());
+    QCOMPARE(sessionPersistenceEnabled, sslSessionSharingWasUsedInReply);
+}
+
 #endif // QT_BUILD_INTERNAL
 #endif // QT_NO_SSL