SSL namespace: Add enum to disable SSL session sharing

There is already an enum to disable SSL session tickets, which has been used to disable session sharing for now. However, SSL session sharing is not the same as SSL session tickets: Session sharing is built into the SSL protocol, while session tickets is a TLS extension (RFC 5077). Change-Id: If76b99c94b346cfb00e47366e66098f6334fd9bc Reviewed-by: Richard J. Moore <rich@kde.org>
2013-04-22 10:36:04 +02:00 · 2013-04-22 10:36:04 +02:00 · 7df16fb4cc
commit 7df16fb4cc
parent c5a3cfa488
4 changed files with 6 additions and 3 deletions
--- a/src/network/ssl/qssl.cpp
+++ b/src/network/ssl/qssl.cpp
@ -161,6 +161,8 @@ QT_BEGIN_NAMESPACE
    mechanism for renegotiating the connection parameters. When enabled, this
    option can allow connections for legacy servers, but it introduces the
    possibility that an attacker could inject plaintext into the SSL session.
+    \value SslOptionDisableSessionSharing Disables SSL session sharing via
+    the session ID handshake attribute.

    By default, SslOptionDisableEmptyFragments is turned on since this causes
    problems with a large number of servers. SslOptionDisableLegacyRenegotiation
--- a/src/network/ssl/qssl.h
+++ b/src/network/ssl/qssl.h
@ -95,7 +95,8 @@ namespace QSsl {
        SslOptionDisableSessionTickets = 0x02,
        SslOptionDisableCompression = 0x04,
        SslOptionDisableServerNameIndication = 0x08,
-        SslOptionDisableLegacyRenegotiation = 0x10
+        SslOptionDisableLegacyRenegotiation = 0x10,
+        SslOptionDisableSessionSharing = 0x20
    };
    Q_DECLARE_FLAGS(SslOptions, SslOption)
 }
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@ -1439,7 +1439,7 @@ void QSslSocketBackendPrivate::continueHandshake()
 #endif

    // Cache this SSL session inside the QSslContext
-    if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionTickets)) {
+    if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) {
        if (!sslContextPointer->cacheSession(ssl))
            sslContextPointer.clear(); // we could not cache the session
    }
--- a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
+++ b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp
@ -5920,7 +5920,7 @@ void tst_QNetworkReply::sslSessionSharing()
    warmupRequest.setAttribute(QNetworkRequest::User, sessionSharingEnabled); // so we can read it from the slot
    if (! sessionSharingEnabled) {
        QSslConfiguration configuration(QSslConfiguration::defaultConfiguration());
-        configuration.setSslOption(QSsl::SslOptionDisableSessionTickets, true);
+        configuration.setSslOption(QSsl::SslOptionDisableSessionSharing, true);
        warmupRequest.setSslConfiguration(configuration);
    }
    QNetworkReply *reply = manager.get(warmupRequest);