Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tls: add getter and setter for session ticket number. #34020

Closed
wants to merge 2 commits into from

Conversation

mkrawczuk
Copy link
Contributor

This is a TLS API extension enabling to control the number of session tickets that server sends to the client. Usually it is 2, but sometime it makes sens to set it to 1, or even 0.

  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. labels Jun 22, 2020
@addaleax addaleax added semver-minor PRs that contain new features and should be released in the next minor version. tls Issues and PRs related to the tls subsystem. and removed lib / src Issues and PRs related to general changes in the lib or src directory. labels Jun 22, 2020
Copy link
Member

@addaleax addaleax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nodejs/crypto

src/node_crypto.cc Outdated Show resolved Hide resolved
Copy link
Member

@mildsunrise mildsunrise left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

Copy link
Member

@bnoordhuis bnoordhuis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm missing two things from the documentation:

  1. Why you would want to change the default. (I'm aware openssl lets you but besides compliance testing I have no idea why you would.)

  2. No mention that the setting only applies to the initial handshake. For resumption, it's fixed at 1.

Comment on lines +1583 to +1585
uint32_t numTickets = args[0].As<Uint32>()->Value();

CHECK(SSL_CTX_set_num_tickets(sc->ctx_.get(), numTickets));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
uint32_t numTickets = args[0].As<Uint32>()->Value();
CHECK(SSL_CTX_set_num_tickets(sc->ctx_.get(), numTickets));
uint32_t num_tickets = args[0].As<Uint32>()->Value();
CHECK_EQ(1, SSL_CTX_set_num_tickets(sc->ctx_.get(), num_tickets));

@@ -294,6 +294,10 @@ exports.createSecureContext = function createSecureContext(options) {
options.clientCertEngine);
}

if (options.numTickets) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This won't let you set it to 0.

@@ -1315,6 +1315,9 @@ Server.prototype.setSecureContext = function(options) {
.slice(0, 32);
}

if (options.numTickets)
this.numTickets = options.numTickets;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto, plus it introduces a performance gotcha in that it creates two hidden classes: one with the property, one without. Always set the property.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @bnoordhuis could you please clarify how it creates two hidden classes: one with the property, one without?

});

const expectedNumTickets = 1;
// 2 is the deafult value set by OpenSSL.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// 2 is the deafult value set by OpenSSL.
// 2 is the default value set by OpenSSL.

code: 'ERR_INVALID_ARG_TYPE',
message: 'Number of tickets must be an unsigned 32-bit integer'
}
);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you check multiple values, e.g.:

for (const expectedNumTickets of [0, 1, 2, 42, 1337, 2 ** 32 - 1]) {
  // ...
}

Checking that 2 ** 32 throws would be good, too.

@@ -1366,6 +1370,14 @@ Server.prototype.setTicketKeys = function setTicketKeys(keys) {
this._sharedCreds.context.setTicketKeys(keys);
};

Server.prototype.getNumTickets = function getNumTickets() {
return this._sharedCreds.context.getNumTickets();
};
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm.. I thought I had left a review comment on this previously but I'm not seeing it now... Stylistically, I'd much prefer these to get regular getter/setters (e.g. server.numTickets = 1) rather than separate functions like this.

@PoojaDurgad
Copy link
Contributor

PoojaDurgad commented Dec 24, 2020

@mkrawczuk - This PR seems to have gotten a little stuck and this requires rebase due to git conflicts.

Copy link
Contributor

This issue/PR was marked as stalled, it will be automatically closed in 30 days. If it should remain open, please leave a comment explaining why it should remain open.

Copy link
Contributor

Closing this because it has stalled. Feel free to reopen if this issue/PR is still relevant, or to ping the collaborator who labelled it stalled if you have any questions.

@github-actions github-actions bot closed this Jun 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. semver-minor PRs that contain new features and should be released in the next minor version. stalled Issues and PRs that are stalled. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants