help-gnutls

Bootstrap parallel connections using session resume ?


From: Sebastien Decugis
Subject: Bootstrap parallel connections using session resume ?
Date: Wed, 28 Oct 2009 14:01:51 +0900
User-agent: Thunderbird 2.0.0.23 (Windows/20090812)

Hello,

I am trying to establish several parallel TLS-protected channels between
two nodes, like this:
- establish the first connection (called "master")
- TLS handshake, verify credentials,
- If successful, establish the other connections (same endpoints)
- TLS handshake each of these connections (in parallel in several
threads), using the same credentials as the master session.

I got this working, but I would like to optimize the establishment of
the multi-connections. I can see several ways to do this, but I would
like to know if they are not a misuse of the GnuTLS library.  What I am
trying to do is:
- create several threads after the master handshake and verification,
and handle each child handshake independently.
- use session resuming from the master session to accelerate the
handshake in all children connections.

Each connection has an independent gnutls_session_t object, but they share
the same credentials structures. On the server side, I have set the same
session store for all sessions. I need to set the transport pointer in
the sessions using the gnutls_transport_set_ptr function. Should I do it
before or after the gnutls_session_set_data on the client side? Is there
anything more to do?

I don't know if it is relevant, my different channels are actually the
same socket object, but different SCTP streams, and I use custom
push/pull functions to mux/demux the messages. I can send my code
showing the actual implementation if you are interested.

So far, I was not able to use multithreading and resuming efficiently.
Most of the sessions fail to resume and fall back to a full handshake. I
have seen also some strange behavior (store operation with the same key
but different data) so I am wondering if this whole mechanism is really
possible with GnuTLS. I don't really understand what is behind session
resuming, so please tell me if what I am trying to do is really wrong...

Thank you in advance,
Best regards,
Sebastien.
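
The message above has one server-side session store shared by handshakes running in several threads, and reports a store call arriving twice for the same key. This is an added example, not the poster's code and not part of GnuTLS: a mutex-guarded store in the shape of the callbacks registered with gnutls_db_set_store_function and gnutls_db_set_retrieve_function. Assumptions: `datum_t` stands in for gnutls_datum_t so the block builds without GnuTLS headers, the type and function names and the size limits are hypothetical, the remove callback is left out, and a real retrieve callback would allocate with gnutls_malloc.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
/* Stand-in for gnutls_datum_t so the block builds without GnuTLS headers. */
typedef struct { unsigned char *data; unsigned int size; } datum_t;
enum { SLOTS = 64, MAX_KEY = 64, MAX_DATA = 2048 };  /* assumed limits */

typedef struct {
    pthread_mutex_t lock;   /* serializes every access from handshake threads */
    unsigned next;          /* round-robin eviction cursor */
    struct { unsigned klen, dlen; unsigned char key[MAX_KEY], data[MAX_DATA]; } slot[SLOTS];
} session_cache;

void cache_init(session_cache *c) {
    memset(c, 0, sizeof *c);
    pthread_mutex_init(&c->lock, NULL);
}
/* Caller must hold c->lock. Returns the slot index for key, or -1. */
static int find_slot(const session_cache *c, datum_t key) {
    for (int i = 0; i < SLOTS; i++)
        if (c->slot[i].klen == key.size && !memcmp(c->slot[i].key, key.data, key.size))
            return i;
    return -1;
}

/* Store callback shape: a repeated key overwrites its entry in place. */
int cache_store(void *ptr, datum_t key, datum_t data) {
    session_cache *c = ptr;
    if (!key.size || key.size > MAX_KEY || !data.size || data.size > MAX_DATA) return -1;
    pthread_mutex_lock(&c->lock);
    int i = find_slot(c, key);
    if (i < 0) { i = (int)c->next; c->next = (c->next + 1) % SLOTS; }
    memcpy(c->slot[i].key, key.data, key.size);    c->slot[i].klen = key.size;
    memcpy(c->slot[i].data, data.data, data.size); c->slot[i].dlen = data.size;
    pthread_mutex_unlock(&c->lock);
    return 0;
}

/* Retrieve callback shape: returns a private heap copy, {NULL, 0} on a miss. */
datum_t cache_fetch(void *ptr, datum_t key) {
    session_cache *c = ptr;
    datum_t out = { NULL, 0 };
    pthread_mutex_lock(&c->lock);
    int i = key.size ? find_slot(c, key) : -1;
    if (i >= 0 && (out.data = malloc(c->slot[i].dlen)) != NULL) {
        out.size = c->slot[i].dlen;
        memcpy(out.data, c->slot[i].data, out.size);
    }
    pthread_mutex_unlock(&c->lock);
    return out;
}
```

Copying the entry out while the lock is held means a concurrent store for the same key cannot hand a handshake thread half-written session data.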



