Add service identity to SSL socket and use in ticket cache

Summary:Allow applications to specify a service identity tied to an SSLSocket
that can be used as a ticket cache key.

Further, add the cache key to the SSL_SESSION object and serialize it.

Reviewed By: siyengar

Differential Revision: D2991005

fb-gh-sync-id: 25a5ddbb66bd9da2084159136cbe4d55b9e00f28
shipit-source-id: 25a5ddbb66bd9da2084159136cbe4d55b9e00f28

diff --git a/folly/io/async/AsyncSSLSocket.h b/folly/io/async/AsyncSSLSocket.h
index 732d486f89f4b76ce39681bced147a66b15605fb..6cfd24b68b4b5e009059d61086bfa0ca897d343b 100644 (file)
--- a/folly/io/async/AsyncSSLSocket.h
+++ b/folly/io/async/AsyncSSLSocket.h
@@ -755,6 +755,12 @@ class AsyncSSLSocket : public virtual AsyncSocket {
    */
   void forceCacheAddrOnFailure(bool force) { cacheAddrOnFailure_ = force; }
 
    */
   void forceCacheAddrOnFailure(bool force) { cacheAddrOnFailure_ = force; }
 

+  const std::string& getServiceIdentity() const { return serviceIdentity_; }
+
+  void setServiceIdentity(std::string serviceIdentity) {
+    serviceIdentity_ = std::move(serviceIdentity);
+  }
+

  private:
 
   void init();
  private:
 
   void init();


@@ -866,6 +872,10 @@ class AsyncSSLSocket : public virtual AsyncSocket {
   std::shared_ptr<folly::SSLContext> handshakeCtx_;
   std::string tlsextHostname_;
 #endif
   std::shared_ptr<folly::SSLContext> handshakeCtx_;
   std::string tlsextHostname_;
 #endif

+
+  // a service identity that this socket/connection is associated with
+  std::string serviceIdentity_;
+

   folly::SSLContext::SSLVerifyPeerEnum
     verifyPeer_{folly::SSLContext::SSLVerifyPeerEnum::USE_CTX};
 
   folly::SSLContext::SSLVerifyPeerEnum
     verifyPeer_{folly::SSLContext::SSLVerifyPeerEnum::USE_CTX};