]> git.ipfire.org Git - thirdparty/curl.git/commit
projects / thirdparty / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e5e2e09) | patch
lib: TLS session ticket caching reworked
authorStefan Eissing <stefan@eissing.org>
Wed, 18 Dec 2024 12:22:35 +0000 (13:22 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Fri, 20 Dec 2024 13:59:23 +0000 (14:59 +0100)
commitfa0ccd9f1fbbbd77bf50b26e3ba231ea6c729474
tree3d7977ec23afde7933d1fd4bac9b1044a33c7f76tree | snapshot
parente5e2e09a75def01f7c103d11d36fb34cbaf464ddcommit | diff
lib: TLS session ticket caching reworked

Described in detail in internal doc TLS-SESSIONS.md

Main points:
- use a new `ssl_peer_key` for cache lookups by connection filters
- recognize differences between TLSv1.3 and other tickets
  * TLSv1.3 tickets are single-use, cache can hold several of them for a peer
  * TLSv1.2 are reused, keep only a single one per peer
- differentiate between ticket BLOB to store (that could be persisted) and object instances
- use put/take/return pattern for cache access
- remember TLS version, ALPN protocol, time received and lifetime of ticket
- auto-expire tickets after their lifetime

Closes #15774
36 files changed:
docs/Makefile.am diff | blob | blame | history
docs/internals/DYNBUF.md diff | blob | blame | history
docs/internals/LLIST.md diff | blob | blame | history
docs/internals/TLS-SESSIONS.md [new file with mode: 0644] blob
lib/Makefile.inc diff | blob | blame | history
lib/dynbuf.c diff | blob | blame | history
lib/dynbuf.h diff | blob | blame | history
lib/llist.c diff | blob | blame | history
lib/llist.h diff | blob | blame | history
lib/setopt.c diff | blob | blame | history
lib/share.c diff | blob | blame | history
lib/share.h diff | blob | blame | history
lib/transfer.c diff | blob | blame | history
lib/urldata.h diff | blob | blame | history
lib/vquic/curl_ngtcp2.c diff | blob | blame | history
lib/vquic/curl_osslq.c diff | blob | blame | history
lib/vquic/curl_quiche.c diff | blob | blame | history
lib/vquic/vquic-tls.c diff | blob | blame | history
lib/vquic/vquic-tls.h diff | blob | blame | history
lib/vtls/bearssl.c diff | blob | blame | history
lib/vtls/gtls.c diff | blob | blame | history
lib/vtls/gtls.h diff | blob | blame | history
lib/vtls/mbedtls.c diff | blob | blame | history
lib/vtls/openssl.c diff | blob | blame | history
lib/vtls/openssl.h diff | blob | blame | history
lib/vtls/schannel.c diff | blob | blame | history
lib/vtls/sectransp.c diff | blob | blame | history
lib/vtls/vtls.c diff | blob | blame | history
lib/vtls/vtls.h diff | blob | blame | history
lib/vtls/vtls_int.h diff | blob | blame | history
lib/vtls/vtls_scache.c [new file with mode: 0644] blob
lib/vtls/vtls_scache.h [new file with mode: 0644] blob
lib/vtls/wolfssl.c diff | blob | blame | history
lib/vtls/wolfssl.h diff | blob | blame | history
tests/http/test_02_download.py diff | blob | blame | history
tests/http/test_14_auth.py diff | blob | blame | history
Mirror of https://github.com/curl/curl.git