From 4a1bfeed574b7ed77a7562e24963ea94a4e9792c Mon Sep 17 00:00:00 2001 From: Jou Ho <43765840+jouho@users.noreply.github.com> Date: Tue, 8 Oct 2024 15:45:15 -0700 Subject: [PATCH] docs: update stateful resumption doc (#4818) Co-authored-by: Lindsay Stewart --- docs/usage-guide/topics/ch11-resumption.md | 2 ++ tls/s2n_recv.c | 6 +++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/usage-guide/topics/ch11-resumption.md b/docs/usage-guide/topics/ch11-resumption.md index 55bc249adbd..756f0823d92 100644 --- a/docs/usage-guide/topics/ch11-resumption.md +++ b/docs/usage-guide/topics/ch11-resumption.md @@ -25,6 +25,8 @@ Servers should set the three caching callback functions: `s2n_config_set_cache_s Clients should call `s2n_connection_get_session()` to retrieve some serialized state about the session. Then `s2n_connection_set_session()` should be called with that saved state when attempting to resume a new connection. +The `cache_delete_callback` is called when a connection encounters a fatal error. This allows a server to delete a potentially corrupted or faulty session from its cache. Because an unexpected end-of-stream is considered a fatal error, an application should ensure that it performs a graceful TLS shutdown when using session caching. For more information on how to close connections, see [Closing the Connection](./ch07-io.md#closing-the-connection). + ## Session Resumption in TLS1.2 and TLS1.3 In TLS1.2, session ticket messages are sent during the handshake and are automatically received as part of calling `s2n_negotiate()`. They will be available as soon as negotiation is complete. diff --git a/tls/s2n_recv.c b/tls/s2n_recv.c index 5f0d169503c..a5b1cb505cd 100644 --- a/tls/s2n_recv.c +++ b/tls/s2n_recv.c 
@@ -206,7 +206,11 @@ ssize_t s2n_recv_impl(struct s2n_connection *conn, void *buf, ssize_t size_signe break; } - /* If we get here, it's an error condition */ + /* If we get here, it's an error condition. + * For stateful resumption, invalidate the session on error to prevent resumption with + * potentially corrupted session state. This ensures that a bad session state does not + * lead to repeated failures during resumption attempts. + */ if (s2n_errno != S2N_ERR_IO_BLOCKED && s2n_allowed_to_cache_connection(conn) && conn->session_id_len) { conn->config->cache_delete(conn, conn->config->cache_delete_data, conn->session_id, conn->session_id_len); }
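Review bot: the new doc paragraph says `cache_delete_callback` "is called when a connection encounters a fatal error", but the accompanying change in tls/s2n_recv.c only reaches `conn->config->cache_delete(...)` from the `s2n_recv_impl` error path, and only when `s2n_allowed_to_cache_connection(conn)` holds and `conn->session_id_len` is non-zero. Consider narrowing the wording to "a fatal error while receiving data on a connection that is using the session cache", so readers do not expect eviction for every failure mode. The graceful-shutdown advice is the right practical takeaway; it would help to spell out that the eviction also happens when the peer drops the connection without a close_notify, since that is the case an application cannot control from its own side.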
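Review bot: the expanded comment explains why the session is invalidated but not when; the guard below it exempts only `S2N_ERR_IO_BLOCKED`, so any other error reaching this point, including an unexpected end-of-stream from the peer (the case the docs hunk calls out), evicts the cache entry. Suggest adding one line to the comment such as "Any error other than S2N_ERR_IO_BLOCKED, including an unexpected EOF from the peer, triggers the delete" so the code and the usage guide state the same rule. Separately, the return value of `conn->config->cache_delete(...)` is discarded on the unchanged line that follows; if ignoring a failed delete is intentional, the comment is the natural place to say so.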