Commit 9773cb4a authored by Andrew Huang's avatar Andrew Huang Committed by Facebook GitHub Bot

Add API for setting OpenSSL sessions in AsyncSSLSocket

Summary: Add API set (but not get) an OpenSSL session. This is intended to handle the situation where the user already has a TLS1.3 resumable session. For example, this currently occurs when the user obtains a session through wangle's SSLSessionCallbacks.

Reviewed By: mingtaoy

Differential Revision: D22285536

fbshipit-source-id: 7ad8be501909dbb80ab74624991415e74441ef6e
parent aa990652
...@@ -927,6 +927,10 @@ void AsyncSSLSocket::setSSLSessionV2(shared_ptr<ssl::SSLSession> session) { ...@@ -927,6 +927,10 @@ void AsyncSSLSocket::setSSLSessionV2(shared_ptr<ssl::SSLSession> session) {
sslSessionManager_.setSession(session); sslSessionManager_.setSession(session);
} }
void AsyncSSLSocket::setRawSSLSession(SSLSessionUniquePtr session) {
sslSessionManager_.setRawSession(std::move(session));
}
void AsyncSSLSocket::getSelectedNextProtocol( void AsyncSSLSocket::getSelectedNextProtocol(
const unsigned char** protoName, const unsigned char** protoName,
unsigned* protoLen) const { unsigned* protoLen) const {
......
...@@ -522,6 +522,8 @@ class AsyncSSLSocket : public AsyncSocket { ...@@ -522,6 +522,8 @@ class AsyncSSLSocket : public AsyncSocket {
const SSL* getSSL() const; const SSL* getSSL() const;
/** /**
* DEPRECATED. Will eventually be removed. Please use setSSLSessionV2.
*
* Set the SSL session to be used during sslConn. AsyncSSLSocket will * Set the SSL session to be used during sslConn. AsyncSSLSocket will
* hold a reference to the session until it is destroyed or released by the * hold a reference to the session until it is destroyed or released by the
* underlying SSL structure. * underlying SSL structure.
...@@ -532,12 +534,22 @@ class AsyncSSLSocket : public AsyncSocket { ...@@ -532,12 +534,22 @@ class AsyncSSLSocket : public AsyncSocket {
void setSSLSession(SSL_SESSION* session, bool takeOwnership = false); void setSSLSession(SSL_SESSION* session, bool takeOwnership = false);
/** /**
* Currently unsupported. Eventually intended to replace setSSLSession() * Set the SSL session to be used during sslConn.
* once TLS 1.3 is enabled by default.
* Set the abstracted SSL session to be used during sslConn.
*/ */
void setSSLSessionV2(std::shared_ptr<ssl::SSLSession> session); void setSSLSessionV2(std::shared_ptr<ssl::SSLSession> session);
/**
* Note: This function exists for compatibility reasons. It is strongly
* recommended to use setSSLSessionV2 instead. After setRawSSLSession is
* called, subsequent calls to getSSLSession on the socket will return null.
*
* Set the SSL session to be used during sslConn.
* If the caller wishes to resume the session in TLS 1.3, the caller
* is responsible for ensuring that the session is resumable.
* If the session is not resumable, then a full handshake will be performed.
*/
void setRawSSLSession(folly::ssl::SSLSessionUniquePtr session);
/** /**
* Get the name of the protocol selected by the client during * Get the name of the protocol selected by the client during
* Application Layer Protocol Negotiation (ALPN) * Application Layer Protocol Negotiation (ALPN)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment