
Module ticket_cache


Cross-invocation TLS session ticket cache.

rustls 0.23+ exposes ClientSessionStore for caching session tickets in memory; the default implementation is per-process and is lost when the CLI exits. Persisting tickets on disk lets the second aube install invocation skip the full TLS handshake and resume against the cached session, saving 1 RTT (~50-150 ms per origin) on cold invocations after the first one. No package manager in the npm-CM-space ships this: npm/pnpm/yarn/bun/vlt all start with an empty session store on every invocation.

Format: serde-json blob at $XDG_CACHE_HOME/aube/tls-tickets.json containing per-host entries (server_name, port) -> TicketEntry. Each entry holds the rustls ticket bytes plus the SPKI fingerprint observed at ticket-acquire time. The rustls wiring layer compares the live cert’s SPKI fingerprint against spki_fp and calls invalidate(host, port) on mismatch so a rotated cert never silently downgrades to a stale resumption. Entries past MAX_AGE (24 h) are pruned at load.

On Unix the on-disk file is created with mode 0600 so ticket bytes are not world-readable on multi-user hosts.

AUBE_DISABLE_TLS_TICKET_CACHE=1 skips load + save; rustls falls back to its per-process in-memory store.

The rustls ClientSessionStore trait wiring lives at the aube-registry integration site so aube-util keeps zero rustls dependency. This module ships the on-disk format, the in-memory map, and the load/save/expire/invalidate APIs the wiring layer reads.
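
The binding and expiry rules described above, as an added sketch that is not aube's own code: entries are keyed by lowercased host and port, pruned once older than MAX_AGE, and dropped when the live SPKI fingerprint differs from the stored one. The type and method signatures, the acquired_unix field and the rejection of future-dated entries are assumptions of this example.

```rust
use std::collections::HashMap;
const MAX_AGE_SECS: u64 = 24 * 60 * 60; // the page's MAX_AGE (24 h)
// Hypothetical layout: `acquired_unix` is an assumed field name.
#[derive(Clone)]
struct Entry {
    ticket: Vec<u8>,    // opaque ticket bytes
    spki_fp: Vec<u8>,   // SPKI fingerprint seen when the ticket was acquired
    acquired_unix: u64, // seconds since the Unix epoch
}

#[derive(Default)]
struct Cache {
    map: HashMap<(String, u16), Entry>,
}

impl Cache {
    // Lowercase the host so "Registry.Example" and "registry.example" share a key.
    fn key(host: &str, port: u16) -> (String, u16) {
        (host.to_ascii_lowercase(), port)
    }
    fn insert(&mut self, host: &str, port: u16, e: Entry) {
        self.map.insert(Self::key(host, port), e);
    }
    // Drop entries older than MAX_AGE; future-dated ones too (sketch's choice).
    fn prune(&mut self, now_unix: u64) -> usize {
        let before = self.map.len();
        self.map.retain(|_, e| {
            now_unix.checked_sub(e.acquired_unix).map_or(false, |age| age <= MAX_AGE_SECS)
        });
        before - self.map.len()
    }
    fn invalidate(&mut self, host: &str, port: u16) -> bool {
        self.map.remove(&Self::key(host, port)).is_some()
    }
    // Hand out the ticket only while the live fingerprint matches the stored
    // one; a mismatch (rotated cert) invalidates the entry.
    fn ticket_if_bound(&mut self, host: &str, port: u16, live_fp: &[u8]) -> Option<Vec<u8>> {
        let found = self.map.get(&Self::key(host, port))?.clone();
        if found.spki_fp.as_slice() == live_fp { return Some(found.ticket); }
        self.invalidate(host, port);
        None
    }
}
fn main() {
    let mut c = Cache::default();
    c.insert("Registry.Example", 443, Entry { ticket: vec![1], spki_fp: vec![0xaa], acquired_unix: 1_000 }); // constructed values
    assert_eq!(c.ticket_if_bound("registry.example", 443, &[0xbb]), None); // rotated cert
}
```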

Structs

HostPort
Storage key — (host, port). Lowercased host, normalized port.
TicketCache
In-memory ticket cache. Backed by an on-disk JSON blob; load and save are explicit so the rustls wiring layer can drive them at install start / install end.
TicketEntry
One serialized ticket entry. ticket is opaque to this module — the rustls ClientSessionStore wiring layer encodes/decodes it. spki_fp binds the ticket to the cert observed when it was acquired so a rotated cert force-invalidates the resumption.

Constants

MAX_AGE
Tickets older than this are pruned at load. Matches the typical session-ticket-lifetime hint Cloudflare/Fastly send (~24 h).

Functions

is_disabled
Returns true when the on-disk ticket cache is disabled.