On Fri, Dec 9, 2016 at 11:13 PM, Viktor Dukhovni <openssl-us...@dukhovni.org > wrote:
> On Fri, Dec 09, 2016 at 09:47:19PM +0100, Fedor Indutny wrote: > > > > The callback is *correctly* only called when choosing the server > > > certificate. In *that* case, it is always called. When sessions > > > are resumed, there is no certificate to present, so no callback is > > > made. > > > > That's why I said that the intended logic is clear. However, this > > implementation makes the API unusable in at least one case. Even more, > > there are no alternatives to this API, meaning that there is no other way > > to delay certificate/key/context selection. Clearly this is the case for > > which the API was created. > > Resumed sessions don't select any certificates, so it makes no > sense to invoke certificate selection callbacks. > The problem with ticket keys is that they are assigned globally and there is no way to control what's happening independently in asynchronous manner. Thus API looks a bit odd: on one hand OpenSSL allows selecting certs asynchronously, on other hand TLS tickets are going to be processed synchronously anyway. > > > Ticket rotation is already possible in both bud and node.js and is > > completely unrelated to this issue. Even with ticket rotation valid > tickets > > will cause asynchronous SNI lookups to be skipped. > > If you deny the key id, then a new session will be negotiated, and > certificate selection callbacks will be invoked. > This means disabling TLS ticket keys for both bud and node.js . It is possible, but will hurt performance significantly. > > > However, when valid TLS ticket is received - OpenSSL will skip the > > `cert_cb` and will just do regular handshake as no `cert_cb` was set. > This > > breaks balancing and OCSP stapling fetching, which are major use cases > for > > both bud and node.js (which can do all of this too through external > > modules). > > There is no OCSP with resumed sessions, no certificates are sent > by the server or checked by the client. If you want certificates, > don't do session resumption. > > OpenSSL is behaving correctly. This is a fundamental feature of TLS. > While I agree about OCSP, I don't see how this fundamental feature helps in backend selection case. Clearly it is impossible to choose backends dynamically with such reduced API implementation. All in all, what I am asking for is an internal change that will still adhere to the documentation. There is no fundamental feature of TLS that could prohibit this. > > -- > Viktor. > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev >
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev