
Issue 630149


Issue metadata

Status: Fixed
Owner:
Closed: Jul 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug

Blocking:
issue 630147




Do not cache sessions by SSL_get_session in SSLClientSocketImpl

Project Member Reported by davidben@chromium.org, Jul 21 2016

Issue description

We might consider making the SSL object remember the established session to make things slightly easier, but fundamentally TLS 1.3 requires one use the callback rather than assume there is one SSL_SESSION and it is ready when the handshake completes. We do this due to False Start, but we also grab the session out of SSL_get_session in some codepaths. (In TLS 1.3, NewSessionTicket is a post-handshake message.)

Most of this weirdness comes from the 1.2 case because we do the cert verify externally.
 
Project Member

Comment 1 by bugdroid1@chromium.org, Jul 27 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c269cc4baed868b167ad45838b4cc1ea6492b866

commit c269cc4baed868b167ad45838b4cc1ea6492b866
Author: davidben <davidben@chromium.org>
Date: Wed Jul 27 14:55:03 2016

Stop calling SSL_get_session in SSLClientSocketImpl.

In TLS 1.3, sessions are post-handshake, so they must only come in the
callback. This change is a no-op in TLS 1.2.

Also update the key_exchange_info to use the new SSL-based APIs. Otherwise
calling GetSSLInfo during a renegotiation may have problems. The SSL-based
APIs internally also have the same problem, but we can fix that while we
can't change SSL_get_session's behavior.

BUG= 630149 

Review-Url: https://codereview.chromium.org/2189613003
Cr-Commit-Position: refs/heads/master@{#408125}

[modify] https://crrev.com/c269cc4baed868b167ad45838b4cc1ea6492b866/net/socket/ssl_client_socket_impl.cc
[modify] https://crrev.com/c269cc4baed868b167ad45838b4cc1ea6492b866/net/socket/ssl_client_socket_impl.h

Owner: davidben@chromium.org
Status: Fixed (was: Available)
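
The ordering problem described in this issue, as an added example that is not part of the original thread and is not Chromium or BoringSSL code. It is a constructed model: the event names, session ids, and `sessions_cached` are hypothetical, the TLS 1.2 trace assumes session tickets without False Start, and "no session yet" is simplified to id 0.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of client-side message order; not BoringSSL or Chromium code. */
enum tls_version { TLS12, TLS13 };
enum ev_kind { EV_NEW_SESSION, EV_HANDSHAKE_DONE };
struct ev { enum ev_kind kind; int session_id; };

/* TLS 1.2 with tickets: NewSessionTicket is part of the handshake. */
static const struct ev TLS12_TRACE[] = {
    {EV_NEW_SESSION, 101}, {EV_HANDSHAKE_DONE, 0}};
/* TLS 1.3: NewSessionTicket is post-handshake and may be sent more than once. */
static const struct ev TLS13_TRACE[] = {
    {EV_HANDSHAKE_DONE, 0}, {EV_NEW_SESSION, 201}, {EV_NEW_SESSION, 202}};

struct cache { int ids[8]; size_t n; };

static void cache_put(struct cache *c, int id) {
    if (id != 0 && c->n < sizeof c->ids / sizeof c->ids[0])
        c->ids[c->n++] = id;   /* id 0 means "no resumable session yet" */
}

/* use_callback != 0: cache from the new-session event (callback pattern).
 * use_callback == 0: read the connection's session once at handshake
 * completion (the SSL_get_session-style pattern the issue removes). */
size_t sessions_cached(enum tls_version v, int use_callback) {
    const struct ev *trace = (v == TLS12) ? TLS12_TRACE : TLS13_TRACE;
    size_t len = (v == TLS12) ? sizeof TLS12_TRACE / sizeof TLS12_TRACE[0]
                              : sizeof TLS13_TRACE / sizeof TLS13_TRACE[0];
    struct cache c = {{0}, 0};
    int current = 0;           /* session attached to the connection so far */
    for (size_t i = 0; i < len; i++) {
        if (trace[i].kind == EV_NEW_SESSION) {
            current = trace[i].session_id;
            if (use_callback) cache_put(&c, current);
        } else if (!use_callback) {
            cache_put(&c, current);
        }
    }
    return c.n;
}

int main(void) {
    printf("TLS1.2 get_session=%zu callback=%zu\n",
           sessions_cached(TLS12, 0), sessions_cached(TLS12, 1));
    printf("TLS1.3 get_session=%zu callback=%zu\n",
           sessions_cached(TLS13, 0), sessions_cached(TLS13, 1));
    return 0;
}
```

In this model both strategies cache the same single session for TLS 1.2, while for TLS 1.3 only the callback strategy caches anything, because every ticket arrives after the handshake-complete event.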
