TLS session resumption via session IDs leads to handshake errors when Mutual TLS (client certificate) is used
When the TLS context is reused for a new connection to the same endpoint, the previous connection has to be finished first; otherwise, the following error happens:
TLS error in tls_cycle_input: error:0A000115:SSL routines::session id context uninitialized
This happens, for example, in the new dispatch code, where there is a short delay between tearing down the whole TLSDNS connection and starting up the new one.
The investigation showed that, in order to make TLS session resumption via session IDs work, we need to call SSL[_CTX]_set_session_id_context()
to initialise the session ID context within the server TLS context; otherwise we get the error above.
(excerpt from the SSL[_CTX]_set_session_id_context() documentation)
WARNINGS
If the session id context is not set on an SSL/TLS server and client certificates are used, stored sessions will not be reused but a fatal error will be flagged and the handshake will fail.
As @aram found, there is a check in OpenSSL specifically for that case:
    if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
        /*
         * We can't be sure if this session is being used out of context,
         * which is especially important for SSL_VERIFY_PEER. The application
         * should have used SSL[_CTX]_set_session_id_context. For this error
         * case, we generate an error instead of treating the event like a
         * cache miss (otherwise it would be easy for applications to
         * effectively disable the session cache by accident without anyone
         * noticing).
         */
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_PREV_SESSION,
                 SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
        fatal = 1;
        goto err;
    }
Unfortunately, we have not been doing that. So, the first resumption attempt after a successful connection in case of Mutual TLS (when client certificates are used) will always fail.
So the problem was not TLS context reuse per se (reusing the context is the only way to make TLS session resumption work), but an incomplete server TLS context initialisation procedure for that case.