Add API for setting OpenSSL sessions in AsyncSSLSocket

Summary: Add API set (but not get) an OpenSSL session. This is intended to handle the situation where the user already has a TLS1.3 resumable session. For example, this currently occurs when the user obtains a session through wangle's SSLSessionCallbacks. Reviewed By: mingtaoy Differential Revision: D22285536 fbshipit-source-id: 7ad8be501909dbb80ab74624991415e74441ef6e

Add API for setting OpenSSL sessions in AsyncSSLSocket
Summary: Add API set (but not get) an OpenSSL session. This is intended to handle the situation where the user already has a TLS1.3 resumable session. For example, this currently occurs when the user obtains a session through wangle's SSLSessionCallbacks. Reviewed By: mingtaoy Differential Revision: D22285536 fbshipit-source-id: 7ad8be501909dbb80ab74624991415e74441ef6e
9773cb4a · Andrew Huang · Facebook GitHub Bot · aa990652 · 9773cb4a · 9773cb4a
Commit 9773cb4a authored Oct 01, 2020 by Andrew Huang Committed by Facebook GitHub Bot Oct 01, 2020
Show whitespace changes
Inline Side-by-side

Showing with 19 additions and 3 deletions

folly/io/async/AsyncSSLSocket.cpp folly/io/async/AsyncSSLSocket.cpp +4 -0

folly/io/async/AsyncSSLSocket.h folly/io/async/AsyncSSLSocket.h +15 -3

No files found.
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -927,6 +927,10 @@ void AsyncSSLSocket::setSSLSessionV2(shared_ptr<ssl::SSLSession> session) {
  sslSessionManager_.setSession(session);
 }

+void AsyncSSLSocket::setRawSSLSession(SSLSessionUniquePtr session) {
+  sslSessionManager_.setRawSession(std::move(session));
+}
+
 void AsyncSSLSocket::getSelectedNextProtocol(
    const unsigned char** protoName,
    unsigned* protoLen) const {

--- a/folly/io/async/AsyncSSLSocket.h
+++ b/folly/io/async/AsyncSSLSocket.h
@@ -522,6 +522,8 @@ class AsyncSSLSocket : public AsyncSocket {
  const SSL* getSSL() const;

  /**
+   * DEPRECATED. Will eventually be removed. Please use setSSLSessionV2.
+   *
   * Set the SSL session to be used during sslConn.  AsyncSSLSocket will
   * hold a reference to the session until it is destroyed or released by the
   * underlying SSL structure.
@@ -532,12 +534,22 @@ class AsyncSSLSocket : public AsyncSocket {
  void setSSLSession(SSL_SESSION* session, bool takeOwnership = false);

  /**
-   * Currently unsupported. Eventually intended to replace setSSLSession()
-   * once TLS 1.3 is enabled by default.
-   * Set the abstracted SSL session to be used during sslConn.
+   * Set the SSL session to be used during sslConn.
   */
  void setSSLSessionV2(std::shared_ptr<ssl::SSLSession> session);

+  /**
+   * Note: This function exists for compatibility reasons. It is strongly
+   * recommended to use setSSLSessionV2 instead. After setRawSSLSession is
+   * called, subsequent calls to getSSLSession on the socket will return null.
+   *
+   * Set the SSL session to be used during sslConn.
+   * If the caller wishes to resume the session in TLS 1.3, the caller
+   * is responsible for ensuring that the session is resumable.
+   * If the session is not resumable, then a full handshake will be performed.
+   */
+  void setRawSSLSession(folly::ssl::SSLSessionUniquePtr session);
+
  /**
   * Get the name of the protocol selected by the client during
   * Application Layer Protocol Negotiation (ALPN)