From 3a721a9dd510f607ca6f7d57efa8bfa467fa1b33 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa
Date: Thu, 14 Oct 2021 23:45:07 +0900
Subject: [PATCH] nghttpx: Send session ticket after handshake with boringssl
---
 src/shrpx_connection.cc | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/src/shrpx_connection.cc b/src/shrpx_connection.cc
index fc108bbd..6a1f4419 100644
--- a/src/shrpx_connection.cc
+++ b/src/shrpx_connection.cc
@@ -571,6 +571,36 @@ int Connection::write_tls_pending_handshake() {
 tls.wbuf.drain(nwrite);
 }
 
+#if defined(OPENSSL_IS_BORINGSSL)
+ if (!SSL_in_init(tls.ssl)) {
+ // This will send a session ticket.
+ auto nwrite = SSL_write(tls.ssl, "", 0);
+ if (nwrite < 0) {
+ auto err = SSL_get_error(tls.ssl, nwrite);
+ switch (err) {
+ case SSL_ERROR_WANT_READ:
+ if (LOG_ENABLED(INFO)) {
+ LOG(INFO) << "Close connection due to TLS renegotiation";
+ }
+ return SHRPX_ERR_NETWORK;
+ case SSL_ERROR_WANT_WRITE:
+ break;
+ case SSL_ERROR_SSL:
+ if (LOG_ENABLED(INFO)) {
+ LOG(INFO) << "SSL_write: "
+ << ERR_error_string(ERR_get_error(), nullptr);
+ }
+ return SHRPX_ERR_NETWORK;
+ default:
+ if (LOG_ENABLED(INFO)) {
+ LOG(INFO) << "SSL_write: SSL_get_error returned " << err;
+ }
+ return SHRPX_ERR_NETWORK;
+ }
+ }
+ }
+#endif // defined(OPENSSL_IS_BORINGSSL)
+
 // We have to start read watcher, since later stage of code expects
 // this.
 rlimit.startw();
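Review bot: In the `SSL_ERROR_SSL` case, `ERR_error_string(ERR_get_error(), nullptr)` formats into the library's static buffer, which BoringSSL documents as unsafe when other threads call it at the same time. If this path can run on more than one worker thread, the logged text can be overwritten while it is being streamed. Formatting into a local buffer avoids that: `char errbuf[256];`, `ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf));`, then `LOG(INFO) << "SSL_write: " << errbuf;`. Separately, the `SSL_ERROR_WANT_READ` branch logs "Close connection due to TLS renegotiation" for what is a zero-length ticket write, which may mislead anyone triaging dropped connections; a message that names the ticket write would be easier to trace. `write_tls_pending_handshake` begins and continues outside this hunk, so how the queued ticket bytes are flushed cannot be checked from here.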