Hello Viktor!

Replying inline.

On Fri, Dec 9, 2016 at 9:28 PM, Viktor Dukhovni <openssl-us...@dukhovni.org>

> On Fri, Dec 09, 2016 at 08:43:01PM +0100, Fedor Indutny wrote:
> > During development of one feature for my TLS proxy bud, I have discovered
> > that the cert_cb is invoked only for newly generated tickets/sessions.
> The
> > reasoning behind this is clear, but I believe that it is most likely
> needs
> > a revision. Here is my reasoning:
> The callback is *correctly* only called when choosing the server
> certificate.  In *that* case, it is always called.  When sessions
> are resumed, there is no certificate to present, so no callback is
> made.

That's why I said that the intended logic is clear. However, this
implementation makes the API unusable in at least one case. Even more,
there are no alternatives to this API, meaning that there is no other way
to delay certificate/key/context selection. Clearly this is the case for
which the API was created.

> > Furthermore, with the TLS ticket provided
> > application can no longer chose to provide a different certificate in
> case
> > of expiration or revocation.
> You can implement a ticket key callback that when appropriate, will
> decline tickets under suitable conditions, in which case a full
> handshake will be performed.
> Custom ticket callbacks that do session ticket key rotation are a
> good idea in any case, the default tickets are not rotated, which
> is not apppropriate for long-running processes.
Ticket rotation is already possible in both bud and node.js and is
completely unrelated to this issue. Even with ticket rotation valid tickets
will cause asynchronous SNI lookups to be skipped.

Let me put this into real example. "bud" does SNI balancing and
asynchronous OCSP stapling. When there are no tickets - it will connect to
some HTTP backend to fetch certificate, key, and list of cleartext
backends. It will also asynchronously fetch OCSP response from either
remote cache or OCSP authority.

However, when valid TLS ticket is received - OpenSSL will skip the
`cert_cb` and will just do regular handshake as no `cert_cb` was set. This
breaks balancing and OCSP stapling fetching, which are major use cases for
both bud and node.js (which can do all of this too through external

Hope this clarifies things a bit,

> --
>         Viktor.
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to