curl-library

Re: [PATCHv2] mbedtls: Implement CURLOPT_PINNEDPUBLICKEY

From: Thomas Glanzmann <thomas_at_glanzmann.de>
Date: Wed, 13 Jan 2016 07:06:39 +0100

Hello Ray,

Manuel has answered:

> Ok, so I'll start with the easy things: we do support both ID-based
> (old-style) and ticket-based (RFC 5077) session resumption. From the
> client perspective, the API for both is exactly the same (the only
> difference being the size of the state stored): you first save a
> session with mbedtls_ssl_get_session() then load it to another context
> using mbedtls_ssl_set_session() before you perform a handshake with
> that new context, and the handshake will resume the previous session
> if the server is OK with that. For an example, you can look at what is
> done in ssl_client2.c with saved_session. In practice before you
> resume, instead of using mbedtls_ssl_session_reset() as we do, if
> you're using a fresh ssl_context you'll just call mbedtls_ssl_setup()
> before mbedtls_ssl_set_session().

> Regarding the peer certificate issue, currently the documentation for
> mbedtls_ssl_get_session() says the peer's certificate is lost in the
> operation which is no longer correct, though it used to be (I think
> the new behaviour was introduced in 1.3.0). The current behaviour is
> that the peer's end entity certificate is saved, though the rest of
> the chain is not. For HPKP this might be a problem as the pinned key
> could be anywhere in the chain. OTOH, off the top of my head, I'm
> really not sure you need to check the pinning again on resumed
> sessions: a man-in-the-middle wouldn't be able to resume the session
> anyway. So you probably want to skip HPKP verification for
> resumed sessions, which makes the lack of cert chain a non-issue.

> Finally, regarding the fact that mbedtls_pk_write_pubkey_der() expects
> a non-const pk_context, I think it is a bug on our side: that function
> should work well with a const public key, and I'm afraid we just
> forgot the const in the prototype :( So I think it should work if you
> just cast the const away. If you want a more correct solution, then
> the easiest thing to make a non-const copy of is the certificate, by
> calling mbedtls_x509_crt_parse_der() on c->raw.p, c->raw.len if c is
> the pointer returned by mbedtls_ssl_get_peer_cert().

> PS: feel free to open a bug on github regarding the const-ness issue. If
> you don't have a github account, I'll open the bug for you.

Cheers,
        Thomas
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2016-01-13
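
The resumed-session reasoning in the quoted reply, modelled as an added example (not code from curl, mbed TLS or this thread): with a pin on an intermediate, a full handshake matches, while a resumed session exposes only the leaf and would fail a naive re-check. The struct, the function names and the digest values are hypothetical and constructed, and the `pinned_before` flag is an assumption about how a caller might record that the saved session already passed the check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SPKI_LEN 32 /* SHA-256 over a DER SubjectPublicKeyInfo */
typedef unsigned char spki_t[SPKI_LEN];

/* Hypothetical view of one connection as the pinning layer sees it. */
struct peer_view {
    bool resumed;       /* handshake resumed a saved session               */
    bool pinned_before; /* assumption: stored with the saved session when
                           its full handshake passed the pin check         */
    size_t n_certs;     /* certificates available, leaf first              */
    const spki_t *spki; /* their SPKI digests                              */
};

enum pin_result { PIN_MATCH, PIN_MISMATCH, PIN_SKIPPED_RESUMED };

/* HPKP-style rule: any certificate in the chain may carry a pinned key. */
bool chain_has_pin(const struct peer_view *p, const spki_t *pins, size_t n_pins)
{
    for (size_t c = 0; c < p->n_certs; c++)
        for (size_t k = 0; k < n_pins; k++)
            if (memcmp(p->spki[c], pins[k], SPKI_LEN) == 0)
                return true;
    return false;
}

enum pin_result check_pins(const struct peer_view *p, const spki_t *pins, size_t n_pins)
{
    if (p->resumed) /* only the leaf survives resumption, so do not re-check */
        return p->pinned_before ? PIN_SKIPPED_RESUMED : PIN_MISMATCH;
    return chain_has_pin(p, pins, n_pins) ? PIN_MATCH : PIN_MISMATCH;
}

/* Constructed digests, not real hashes: leaf, intermediate, root. */
static const spki_t chain[3] = { {0x11}, {0x22}, {0x33} };
static const spki_t pin_on_intermediate[1] = { {0x22} };

int main(void)
{
    struct peer_view full = { false, false, 3, chain };
    struct peer_view resumed = { true, true, 1, chain }; /* leaf only */
    printf("full=%d naive-resumed=%d resumed=%d\n",
           check_pins(&full, pin_on_intermediate, 1),
           chain_has_pin(&resumed, pin_on_intermediate, 1),
           check_pins(&resumed, pin_on_intermediate, 1));
    return 0;
}
```

A resumed session whose full handshake was never pin-checked is reported as a mismatch here, so the caller can fall back to a full handshake instead of trusting it.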