From 94dafcb9521d33faca662dabe9f1426eebd6280f Mon Sep 17 00:00:00 2001
From: Anthony Hu
Date: Thu, 3 Feb 2022 15:59:14 -0500
Subject: [PATCH 1/2] Add a short caveat to client-tls13-resume.c
---
 tls/client-tls13-resume.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/tls/client-tls13-resume.c b/tls/client-tls13-resume.c
index 749b14a2..3a6519be 100644
--- a/tls/client-tls13-resume.c
+++ b/tls/client-tls13-resume.c
@@ -228,7 +228,22 @@ int main(int argc, char** argv)
 wolfSSL_FreeArrays(ssl);
 #endif
- /* Save the session
+ /* Save the session
+ *
+ * NOTE: This is not an ideal solution. Please see client-tls-resume.c.
+ * There you will see that we do not need to call wolfSSL_peek() because
+ * we have already called wolfSSL_read() before calling
+ * wolfSSL_get_session() so wolfSSL has already internally stored the
+ * session ticket. For TLS 1.2 it is fine to put wolfSSL_get_session()
+ * right after the connection is established because the resumption
+ * information is part of the TLS 1.2 handshake. This is not the case for
+ * TLS 1.3. However, if you are migrating from TLS 1.2 and are having a
+ * hard time moving your call to wolfSSL_get_session(), you can try this
+ * approach.
+ *
+ * This approach can result in issues with I/O and is best used with non-
+ * blocking mode sockets.
+ */
 session = wolfSSL_get_session(ssl);
 if (session == NULL) {
 printf("Session not available yet... trying peek\n");
@@ -393,6 +408,7 @@ exit:
 if (sslRes) wolfSSL_free(sslRes); /* Free the wolfSSL object */
 #ifdef OPENSSL_EXTRA
+asdfasdfasdf
 if (session) wolfSSL_SESSION_free(session);
 #endif
From 5bdf8861381fd4412c359143f89aa214cbc1be23 Mon Sep 17 00:00:00 2001
From: Anthony Hu
Date: Thu, 3 Feb 2022 16:39:24 -0500
Subject: [PATCH 2/2] asdfadsf and #if 0 and comment cleanup.
---
 tls/client-tls13-resume.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
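Review bot: The caveat added to the `Save the session` comment says the peek fallback "can result in issues with I/O" without naming the issue, so a reader copying this block cannot tell what to guard against. On a blocking socket the concern is presumably that `wolfSSL_peek()` does not return until the server sends application data, so the client can stall if the peer stays silent after the handshake; the comment should say so, for example `* On a blocking socket wolfSSL_peek() can wait indefinitely if the server sends no application data after the handshake.` The `if (session == NULL)` body continues outside the hunk, so the peek call itself and any timeout around it are not visible here.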
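Review bot: The added line `asdfasdfasdf` inside the `#ifdef OPENSSL_EXTRA` block after `exit:` is not valid C, so this commit does not compile when OPENSSL_EXTRA is defined. Because the token sits under a conditional, a build without that macro would not catch it, which suggests the OPENSSL_EXTRA configuration was not built before the patch was sent. The line should be dropped from this patch itself so that every commit in the series builds and bisects cleanly. The cleanup block continues outside the hunk.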
diff --git a/tls/client-tls13-resume.c b/tls/client-tls13-resume.c
index 3a6519be..c9b9d23f 100644
--- a/tls/client-tls13-resume.c
+++ b/tls/client-tls13-resume.c
@@ -228,18 +228,18 @@ int main(int argc, char** argv)
 wolfSSL_FreeArrays(ssl);
 #endif
+#if 0
 /* Save the session
 *
- * NOTE: This is not an ideal solution. Please see client-tls-resume.c.
- * There you will see that we do not need to call wolfSSL_peek() because
- * we have already called wolfSSL_read() before calling
- * wolfSSL_get_session() so wolfSSL has already internally stored the
- * session ticket. For TLS 1.2 it is fine to put wolfSSL_get_session()
- * right after the connection is established because the resumption
- * information is part of the TLS 1.2 handshake. This is not the case for
- * TLS 1.3. However, if you are migrating from TLS 1.2 and are having a
- * hard time moving your call to wolfSSL_get_session(), you can try this
- * approach.
+ * NOTE: This is not an ideal solution. Please see below where we call
+ * wolfSSL_get_session() just before disconnection. We do not need to
+ * call wolfSSL_peek() in that case because we have already called
+ * wolfSSL_read() so wolfSSL has already internally stored the session
+ * ticket. For TLS 1.2 it is fine to put wolfSSL_get_session() right after
+ * the connection is established because the resumption information is part
+ * of the TLS 1.2 handshake. This is not the case for TLS 1.3. However, if
+ * you are migrating from TLS 1.2 and are having a hard time moving your
+ * call to wolfSSL_get_session(), you can try this approach.
 *
 * This approach can result in issues with I/O and is best used with non-
 * blocking mode sockets.
@@ -253,6 +253,7 @@ int main(int argc, char** argv)
 printf("Session ticket found\n");
 }
 }
+#endif
 /* Get a message for the server from stdin */
 printf("Message for server: ");
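Review bot: The `#if 0` added above `/* Save the session` and the bare `#endif` added in the next hunk (after the `Session ticket found` branch) compile the block out without saying so, while the comment inside still reads as live guidance ("you can try this approach"). Label both ends so a reader sees that the block is a disabled alternative, for example `#if 0 /* disabled: early session save via wolfSSL_peek(), see NOTE */` and `#endif /* 0 */`. With this block out of the build, `session` is first assigned by the later `wolfSSL_get_session()` call that the new comment refers to, which is outside the hunk; it is worth confirming that `session` is initialised to NULL at its declaration, since the `exit:` path tests `if (session)` before freeing it under OPENSSL_EXTRA.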
@@ -408,7 +409,6 @@ exit:
 if (sslRes) wolfSSL_free(sslRes); /* Free the wolfSSL object */
 #ifdef OPENSSL_EXTRA
-asdfasdfasdf
 if (session) wolfSSL_SESSION_free(session);
 #endif