[Libwebsockets] TLS session cache and reuse, lws_tls_session_new_cb() not executed by BoringSSL

Catalin Raceanu cra at mega.nz
Thu Apr 29 14:43:51 CEST 2021


On 28.04.2021 19:52, Andy Green wrote:
>
> the sul can live in struct lws_lws_tls that holds a pointer to the SSL.
> I modified it to provide the sul-related part and enable it also for 
> mbedtls

Thank you! I don't know if I would have eventually found `lws_lws_tls`.


> and pushed it on _temp branch so you can test and iterate on it again 
> to make sure it still does what you need.

Looks very good, and it does add new sessions to cache. I've added a few 
minor changes in github _temp 
<https://github.com/catalinr-m/libwebsockets/commits/_temp_synth_cb>, 
the last 2 commits.

There are 2 removed lines of code, that are not related to this:
- removed "wsi->tls_session_reused = 1;" because now it's only used for 
mbedtls;
- removed "lws_sul_cancel(&ts->sul_ttl);" because it was also done in 
"__lws_tls_session_destroy(ts);" which was called 3 lines later.

I wonder if it's worth it for "lws_sess_cache_synth_cb()" to re-schedule 
itself if the session was invalid when it was executed.


Also, for a future LWS version and if it proves to be useful, would it 
be appropriate to add a user callback, that would get called by 
"lws_tls_session_new_cb()", after a new session has been successfully 
added to cache (i.e. passing the vhost name, host name and port)?


Regards,

Catalin

