Hello Viktor!

Replying inline.

On Fri, Dec 9, 2016 at 9:28 PM, Viktor Dukhovni <openssl-us...@dukhovni.org>
wrote:

> On Fri, Dec 09, 2016 at 08:43:01PM +0100, Fedor Indutny wrote:
>
> > During development of one feature for my TLS proxy bud, I have discovered
> > that the cert_cb is invoked only for newly generated tickets/sessions. The
> > reasoning behind this is clear, but I believe that it most likely needs
> > a revision. Here is my reasoning:
>
> The callback is *correctly* only called when choosing the server
> certificate.  In *that* case, it is always called.  When sessions
> are resumed, there is no certificate to present, so no callback is
> made.
>


That's why I said that the intended logic is clear. However, this
implementation makes the API unusable in at least one case. Even more,
there are no alternatives to this API, meaning that there is no other way
to delay certificate/key/context selection. Clearly this is the case for
which the API was created.


>
> > Furthermore, with the TLS ticket provided, the
> > application can no longer choose to provide a different certificate in case
> > of expiration or revocation.
>
> You can implement a ticket key callback that when appropriate, will
> decline tickets under suitable conditions, in which case a full
> handshake will be performed.
>
> Custom ticket callbacks that do session ticket key rotation are a
> good idea in any case, the default tickets are not rotated, which
> is not appropriate for long-running processes.
>
>
Ticket rotation is already possible in both bud and node.js and is
completely unrelated to this issue. Even with ticket rotation, valid tickets
will cause asynchronous SNI lookups to be skipped.

Let me put this into a real example. "bud" does SNI balancing and
asynchronous OCSP stapling. When there are no tickets - it will connect to
some HTTP backend to fetch certificate, key, and list of cleartext
backends. It will also asynchronously fetch OCSP response from either
remote cache or OCSP authority.

However, when a valid TLS ticket is received - OpenSSL will skip the
`cert_cb` and will just do regular handshake as no `cert_cb` was set. This
breaks balancing and OCSP stapling fetching, which are major use cases for
both bud and node.js (which can do all of this too through external
modules).

Hope this clarifies things a bit,
Fedor.


> --
>         Viktor.
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>