Details
-
Bug
-
Resolution: Done
-
P2: Important
-
5.11.0, 5.11.2, 5.12.0 Beta 4, 5.12.0 RC
-
None
-
93a803a6de27d9eb57931c431b5f3d074914f693 (qt/qtbase/5.12)
Description
Since OpenSSL 1.1.0 it is not possible to resume a tls session with "session id" or "session tickets". Same build works with OpenSSL 1.0.2.
Qt already pushes the stored session to OpenSSL. But it will "ignore" it and do a full handshake.
Looks like Qt has a similar problem like Python?
https://github.com/openssl/openssl/issues/1550
If we add a dirty hack to OpenSSL it will work again.
--- x/openssl/ssl/ssl_sess.c
+++ y/openssl/ssl/ssl_sess.c
@@ -1126,7 +1126,7 @@
if ((s->session != NULL) &&
!(s->shutdown & SSL_SENT_SHUTDOWN) &&
!(SSL_in_init(s) || SSL_in_before(s))) {
- SSL_CTX_remove_session(s->session_ctx, s->session);
+ //SSL_CTX_remove_session(s->session_ctx, s->session);
return 1;
} else
return 0;
Seems OpenSSL do not like the given session und mark it as "bad session"?
https://github.com/openssl/openssl/commit/e70656cf1c9e886344913444fe2f3a0b7d3721a9 ???
Attachments
| For Gerrit Dashboard: QTBUG-71967 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 246295,3 | Use user-provided session data if available | 5.11 | qt/qtbase | Status: ABANDONED | +1 | 0 |
| 246839,5 | Fix session resumption with OpenSSL 1.1 | 5.12 | qt/qtbase | Status: MERGED | +2 | 0 |