Hi, On Sun, Jan 18, 2026 at 3:16 PM Tim Düsterhus <[email protected]> wrote:
> Hi > > On 12/23/25 00:07, Jakub Zelenka wrote: > > I would like to introduce a TLS Session Resumption Support for Streams > RFC > > that is part of my stream evolution work (PHP Foundation project funded > by > > Sovereign Tech Fund) : > > > > https://wiki.php.net/rfc/tls_session_resumption_api > > Thank you for the RFC. The feature makes sense to me and fills a clear > gap. I'm sharing some of Derick's concerns and questions, particularly: > > 1. What will happen if an incorrect / outdated / malformed > `session_data` string is provided? Will it silently be ignored? Will it > emit an error? Will there be issues internally in OpenSSL? > > So this changed a bit as only OpenSSLSession instance can be passed in. So passing invalid and mallformed instance is not possible (TypeError is thrown if different type is passed in). But if it's expired, it should just result in warning and full handshake. This should be later covered as part of new stream error handling as non terminating error (stored error in exception mode). > 2. We should avoid introducing new E_WARNINGs, particularly for clear > error situation (session_get_cb without session_new_cb). > The programmer errors have been converted to ValueErrors and TypeErrors. There are few new warning but those are for non programmer errors and should be later handled by new stream error handling (another RFC that I have). Cheers Jakub
