From c55c561d4ed9843796d12c504850374d1a811030 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= Date: Tue, 5 May 2015 11:29:31 +0200 Subject: [PATCH] Expirement with SSL session resume This writes the SSL session as PEM to /tmp/mysql_sess.pem and it restores the session from the same file. To inspect the session file: openssl sess_id -in /tmp/mysql_sess.pem -noout -text The result is that Ssl_sessions_reused will be set to 1. show session status like 'Ssl_sessions_reused'; And with tcpdump/wireshark you can see that the client sends a SessionTicket TLS (filter: ssl.handshake.extension.type == 0x0023) See also: http://bugs.mysql.com/bug.php?id=76921 --- vio/viossl.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/vio/viossl.c b/vio/viossl.c index 4697c1f..ed68d45 100644 --- a/vio/viossl.c +++ b/vio/viossl.c @@ -376,6 +376,9 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout, { int r; SSL *ssl; + SSL_SESSION *sslses; + FILE *fd; + struct stat sb; my_socket sd= mysql_socket_getfd(vio->mysql_socket); DBUG_ENTER("ssl_do"); DBUG_PRINT("enter", ("ptr: 0x%lx, sd: %d ctx: 0x%lx", @@ -409,6 +412,14 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout, yaSSL_transport_set_send_function(ssl, yassl_send); #endif + if (stat("/tmp/mysql_sess.pem", &sb) != -1) { + fd = fopen("/tmp/mysql_sess.pem","r"); + sslses = PEM_read_SSL_SESSION(fd,NULL,0,NULL); + SSL_set_session(ssl, sslses); + SSL_SESSION_free(sslses); + fclose(fd); + } + if ((r= ssl_handshake_loop(vio, ssl, func, ssl_errno_holder)) < 1) { DBUG_PRINT("error", ("SSL_connect/accept failure")); 
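Review bot: The added restore block hands the `fopen` result to `PEM_read_SSL_SESSION` without a NULL test, and because `stat` and `fopen` are separate steps the file can exist for the first and still fail to open for the second. Dropping the `stat` call (and the `struct stat sb` local the first hunk declares for it) and opening once closes that window, and `SSL_set_session` should run only when a session was actually parsed. The fixed name in `/tmp` also lets any local account pre-create the file, so the process parses PEM it did not write and may offer a session that belongs to a different peer; a configurable path in a directory only the user can write would avoid this. The block sits after the yaSSL `#endif`, so presumably it is compiled in yaSSL builds as well, where `PEM_read_SSL_SESSION` may not exist. `ssl_do` starts and ends outside the hunk.

```c
  /* Open once and test the handle; no separate stat() step. */
  fd= fopen("/tmp/mysql_sess.pem", "r");
  if (fd != NULL)
  {
    sslses= PEM_read_SSL_SESSION(fd, NULL, 0, NULL);
    fclose(fd);
    if (sslses != NULL)
    {
      /* SSL_set_session takes its own reference, so ours is released. */
      SSL_set_session(ssl, sslses);
      SSL_SESSION_free(sslses);
    }
  }
  /* … unchanged: ssl_handshake_loop call and its error path … */
```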
@@ -416,6 +427,12 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout, DBUG_RETURN(1); } + fd = fopen("/tmp/mysql_sess.pem", "w"); + DBUG_PRINT("info",("Writing SSL Session to /tmp/mysql_sess.pem")); + sslses = SSL_get_session(ssl); + PEM_write_SSL_SESSION(fd, sslses); + fclose(fd); + /* Connection succeeded. Install new function handlers, change type, set sd to the fd used when connecting
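Review bot: The PEM written here contains the session's master key, yet `fopen(..., "w")` creates it under the process umask at a fixed name in `/tmp`, so on a typical system other local users can read it and use it to decrypt a capture of that session or to resume it. `fopen` also follows a symlink planted at that name, and neither its result nor that of `SSL_get_session` is checked before `PEM_write_SSL_SESSION`. Creating the file owner-only without following links, as below, covers the common case (it needs `<fcntl.h>` and `<unistd.h>`, and is POSIX-only). The mode applies only when the file is created, so a file pre-created by another account keeps its owner and permissions; the real fix is a path in a directory only the user can write. `ssl_do` continues outside the hunk.

```c
  sslses= SSL_get_session(ssl);
  if (sslses != NULL)
  {
    /* Owner-only, no symlink following: the PEM holds the master key. */
    int sess_fd= open("/tmp/mysql_sess.pem",
                      O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);
    fd= (sess_fd != -1) ? fdopen(sess_fd, "w") : NULL;
    if (fd != NULL)
    {
      DBUG_PRINT("info",("Writing SSL Session to /tmp/mysql_sess.pem"));
      PEM_write_SSL_SESSION(fd, sslses);
      fclose(fd);
    }
    else if (sess_fd != -1)
      close(sess_fd);
  }
  /* … unchanged: "Connection succeeded" comment and handler install … */
```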