Merge pull request #288 from anhu/caveat

Add a short caveat to client-tls13-resume.c
2022-02-03 13:55:40 -08:00 · 2022-02-03 13:55:40 -08:00 · 812b3e985b
parent 84bc92ef8d 5bdf886138
commit 812b3e985b
1 changed files with 17 additions and 1 deletions
--- a/tls/client-tls13-resume.c
+++ b/tls/client-tls13-resume.c
@ -228,7 +228,22 @@ int main(int argc, char** argv)
    wolfSSL_FreeArrays(ssl);
 #endif

-    /* Save the session */
+#if 0
+    /* Save the session
+     *
+     * NOTE: This is not an ideal solution. Please see below where we call
+     * wolfSSL_get_session() just before disconnection. We do not need to
+     * call wolfSSL_peek() in that case because we have already called
+     * wolfSSL_read() so wolfSSL has already internally stored the session
+     * ticket. For TLS 1.2 it is fine to put wolfSSL_get_session() right after
+     * the connection is established because the resumption information is part
+     * of the TLS 1.2 handshake. This is not the case for TLS 1.3. However, if
+     * you are migrating from TLS 1.2 and are having a hard time moving your
+     * call to wolfSSL_get_session(), you can try this approach.
+     *
+     * This approach can result in issues with I/O and is best used with non-
+     * blocking mode sockets.
+     */
    session = wolfSSL_get_session(ssl);
    if (session == NULL) {
        printf("Session not available yet... trying peek\n");
@ -238,6 +253,7 @@ int main(int argc, char** argv)
            printf("Session ticket found\n");
        }
    }
+#endif

    /* Get a message for the server from stdin */
    printf("Message for server: ");