From b36b7abb40f04f265c0453a2f4beb466ed462976 Mon Sep 17 00:00:00 2001
From: Timur Pocheptsov <timur.pocheptsov@qt.io>
Date: Mon, 27 Jan 2020 14:11:08 +0100
Subject: Implement/fix session resumption with TLS 1.3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The session we cache at the end of a handshake is non-resumable
in TLS 1.3, since NewSessionTicket message appears quite some time
after the handshake was complete. OpenSSL has a callback where
we can finally obtain a resumable session and inform an application
about session ticket updated by emitting a signal. Truism: OpenSSL-only.

[ChangeLog][QtNetwork] A new signal introduced to report when a valid session ticket received (TLS 1.3)

Fixes: QTBUG-81591
Change-Id: I4d22fad5cc082e431577e20ddbda2835e864b511
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
---
 src/network/ssl/qsslsocket_openssl_symbols.cpp | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/network/ssl/qsslsocket_openssl_symbols.cpp')

diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
index 3504924888..71a268ae6e 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -159,6 +159,8 @@ DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long
 #ifdef TLS1_3_VERSION
 DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
 DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
+DEFINEFUNC2(void, SSL_CTX_sess_set_new_cb, SSL_CTX *ctx, ctx, NewSessionCallback cb, cb, return, return)
+DEFINEFUNC(int, SSL_SESSION_is_resumable, const SSL_SESSION *s, s, return 0, return)
 #endif
 DEFINEFUNC3(size_t, SSL_get_client_random, SSL *a, a, unsigned char *out, out, size_t outlen, outlen, return 0, return)
 DEFINEFUNC3(size_t, SSL_SESSION_get_master_key, const SSL_SESSION *ses, ses, unsigned char *out, out, size_t outlen, outlen, return 0, return)
@@ -843,6 +845,8 @@ bool q_resolveOpenSslSymbols()
 #ifdef TLS1_3_VERSION
     RESOLVEFUNC(SSL_CTX_set_ciphersuites)
     RESOLVEFUNC(SSL_set_psk_use_session_callback)
+    RESOLVEFUNC(SSL_CTX_sess_set_new_cb)
+    RESOLVEFUNC(SSL_SESSION_is_resumable)
 #endif // TLS 1.3 or OpenSSL > 1.1.1
 
     RESOLVEFUNC(SSL_get_client_random)
-- 
cgit v1.2.3