Add service identity to SSL socket and use in ticket cache

Summary:Allow applications to specify a service identity tied to an SSLSocket that can be used as a ticket cache key. Further, add the cache key to the SSL_SESSION object and serialize it. Reviewed By: siyengar Differential Revision: D2991005 fb-gh-sync-id: 25a5ddbb66bd9da2084159136cbe4d55b9e00f28 shipit-source-id: 25a5ddbb66bd9da2084159136cbe4d55b9e00f28

Add service identity to SSL socket and use in ticket cache
Summary:Allow applications to specify a service identity tied to an SSLSocket that can be used as a ticket cache key. Further, add the cache key to the SSL_SESSION object and serialize it. Reviewed By: siyengar Differential Revision: D2991005 fb-gh-sync-id: 25a5ddbb66bd9da2084159136cbe4d55b9e00f28 shipit-source-id: 25a5ddbb66bd9da2084159136cbe4d55b9e00f28
41e2f6d4 · Neel Goyal · Facebook Github Bot 4 · c85159a3 · 41e2f6d4
Commit 41e2f6d4 authored Mar 03, 2016 by Neel Goyal Committed by Facebook Github Bot 4 Mar 03, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 0 deletions

folly/io/async/AsyncSSLSocket.h folly/io/async/AsyncSSLSocket.h +10 -0

No files found.
--- a/folly/io/async/AsyncSSLSocket.h
+++ b/folly/io/async/AsyncSSLSocket.h
@@ -755,6 +755,12 @@ class AsyncSSLSocket : public virtual AsyncSocket {
   */
  void forceCacheAddrOnFailure(bool force) { cacheAddrOnFailure_ = force; }

+  const std::string& getServiceIdentity() const { return serviceIdentity_; }
+
+  void setServiceIdentity(std::string serviceIdentity) {
+    serviceIdentity_ = std::move(serviceIdentity);
+  }
+
 private:

  void init();
@@ -866,6 +872,10 @@ class AsyncSSLSocket : public virtual AsyncSocket {
  std::shared_ptr<folly::SSLContext> handshakeCtx_;
  std::string tlsextHostname_;
 #endif
+
+  // a service identity that this socket/connection is associated with
+  std::string serviceIdentity_;
+
  folly::SSLContext::SSLVerifyPeerEnum
    verifyPeer_{folly::SSLContext::SSLVerifyPeerEnum::USE_CTX};