Resolve #3376: Do not provide a shim for SSL_SESSION_is_resumable() (!6346) · Merge requests · ISC Open Source Projects / BIND

Artem Boldariev requested to merge 3376-fix-openssl-1.1.0-unimplementable-SSL-SESSION-is-resumable into main May 23, 2022

The recently added TLS client session cache used SSL_SESSION_is_resumable() to avoid polluting the cache with non-resumable sessions. However, it turned out that we cannot provide a shim for this function across the whole range of OpenSSL versions due to the fact that OpenSSL 1.1.0 does uses opaque pointers for SSL_SESSION objects.

The commit replaces the shim for SSL_SESSION_is_resumable() with a non public approximation of it on systems shipped with OpenSSL 1.1.0. It is not turned into a proper shim because it does not fully emulate the behaviour of SSL_SESSION_is_resumable(), but in our case it is good enough, as it still helps to protect the cache from pollution.

For systems shipped with OpenSSL 1.0.X and derivatives (e.g. older versions of LibreSSL), the provided replacement perfectly mimics the function it is intended to replace.

Closes #3376 (closed)

Edited May 24, 2022 by Artem Boldariev

Resolve #3376: Do not provide a shim for SSL_SESSION_is_resumable()

Merge request reports