Description
Similar to #18, but for the server-side of the equation. We already have some support for traditional session resumption, but there is some API surface/behaviour related to session tickets not yet implemented.
In particular, using Nginx 1.24.0 with the `runner.rs` nginx/curl resumption tests causes all requests to the server configurations that are supposed to return `"r"` from `/ssl-was-reused` to return `"."` instead.
On startup, nginx logs:

```
2024/06/11 14:24:46 [warn] 2922744#2922744: nginx was built with Session Tickets support, however, now it is linked dynamically to an OpenSSL library which has no tlsext support, therefore Session Tickets are not available
```
That in turn seems to be emitted in `ngx_event_openssl.c` when `SSL_CTX_set_tlsext_ticket_key_cb` fails. Both that function (deprecated) and the replacement `SSL_CTX_set_tlsext_ticket_key_evp_cb` are `#define`s that expand to calls to `SSL_CTX_callback_ctrl` with `cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB`.
One option to resolve the above is to stub `SSL_CTX_set_tlsext_ticket_key_cb` and not call the callback. This, in combination with setting a ticketer on the Rustls `ServerConfig`, should be enough to get session ticket resumption working with Nginx 1.24. I tried this briefly and found the `aws-lc-rs` ticketer was always failing to decrypt-in-place the session ticket provided by curl with a resumption connection. More investigation is required.
See also some discussion on #18 placed there when I hadn't realized that #18 was client-specific.