
Improve documentation for footgun function g_tls_client_connection_copy_session_state()

Michael Catanzaro requested to merge mcatanzaro/copy-session-state into master

This function has numerous undocumented limitations. Back when we had only a GnuTLS backend and only needed to worry about TLS 1.2, we could be sure this function would actually work... usually, provided the server has sent a session ID or session ticket, and it hadn't expired yet. Nowadays we have an OpenSSL backend that doesn't implement this function at all. And I'm probably going to remove the TLS 1.2 implementation from the GnuTLS backend, keeping only a TLS 1.3 implementation. Moreover, with TLS 1.3, it's now required that you read some data before a session ticket will be available, so any code that previously expected it to be possible to use this function after a handshake is now broken. There's also no way to know whether a session ticket is available or not; we would probably need a signal to notify when tickets are received if we wanted to fix that.

In short, it's not possible to ensure this function actually does anything.

Document these problems. And maybe also deprecate the function. I've done the deprecation in a separate commit and asked Ross Lagerwall to comment, since he added this function and might have thoughts on this. The deprecation isn't strictly necessary, but seems advisable since it currently seems difficult to write code that really requires session sharing without using the lower-level TLS library directly.

Edited by Michael Catanzaro
