#3880: NetSSL_OpenSSL: Support session resumption with TLSv1.3

2025-10-22 08:02:06 +02:00 · 2023-06-06 13:06:02 +02:00
parent a9ad113742
commit 8f764e3505
7 changed files with 58 additions and 25 deletions
--- a/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h
+++ b/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h
@@ -287,6 +287,10 @@ protected:
 		/// Returns the index for SSL_CTX_set_ex_data() and SSL_CTX_get_ex_data() to
 		/// store the Context* in the underlying SSL_CTX.

+	int socketIndex() const;
+		/// Returns the index for SSL_set_ex_data() and SSL_get_ex_data() to
+		/// store the SecureSocketImpl* in the underlying SSL.
+
 private:
 	SSLManager();
 		/// Creates the SSLManager.
@@ -320,6 +324,7 @@ private:
 	PrivateKeyPassphraseHandlerPtr   _ptrClientPassphraseHandler;
 	InvalidCertificateHandlerPtr     _ptrClientCertificateHandler;
 	int                              _contextIndex;
+	int                              _socketIndex;
 	Poco::FastMutex                  _mutex;

 	static const std::string CFG_PRIV_KEY_FILE;
@@ -359,6 +364,7 @@ private:

 	friend class Poco::SingletonHolder<SSLManager>;
 	friend class Context;
+	friend class SecureSocketImpl;
 };


@@ -405,6 +411,12 @@ inline int SSLManager::contextIndex() const
 }


+inline int SSLManager::socketIndex() const
+{
+	return _socketIndex;
+}
+
+
 } } // namespace Poco::Net


--- a/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h
+++ b/NetSSL_OpenSSL/include/Poco/Net/SecureSocketImpl.h
@@ -280,6 +280,9 @@ protected:
 		/// Note that simply closing a socket is not sufficient
 		/// to be able to re-use it again.

+	static int onSessionCreated(SSL* pSSL, SSL_SESSION* pSession);
+		/// Callback to handle new session data sent by server.
+
 private:
 	SecureSocketImpl(const SecureSocketImpl&);
 	SecureSocketImpl& operator = (const SecureSocketImpl&);
@@ -293,6 +296,7 @@ private:
 	bool _bidirectShutdown = true;

 	friend class SecureStreamSocketImpl;
+	friend class Context;
 };


--- a/NetSSL_OpenSSL/include/Poco/Net/Session.h
+++ b/NetSSL_OpenSSL/include/Poco/Net/Session.h
@@ -42,6 +42,9 @@ public:
 	SSL_SESSION* sslSession() const;
 		/// Returns the stored OpenSSL SSL_SESSION object.

+	bool isResumable() const;
+		/// Returns true if the session is resumable.
+
 protected:
 	Session(SSL_SESSION* pSession);
 		/// Creates a new Session object, using the given