- Added simple SSL session cache implementation
- Revamped session resumption handling
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index bc5402f..6f97de3 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -45,6 +45,10 @@
#include "polarssl/x509.h"
#include "polarssl/error.h"
+#if defined(POLARSSL_SSL_CACHE_C)
+#include "polarssl/ssl_cache.h"
+#endif
+
#define DFL_SERVER_PORT 4433
#define DFL_REQUEST_PAGE "/"
#define DFL_DEBUG_LEVEL 0
@@ -94,80 +98,6 @@
}
}
-/*
- * These session callbacks use a simple chained list
- * to store and retrieve the session information.
- */
-ssl_session *s_list_1st = NULL;
-ssl_session *cur, *prv;
-
-static int my_get_session( ssl_context *ssl )
-{
- time_t t = time( NULL );
-
- if( ssl->resume == 0 )
- return( 1 );
-
- cur = s_list_1st;
- prv = NULL;
-
- while( cur != NULL )
- {
- prv = cur;
- cur = cur->next;
-
- if( ssl->timeout != 0 && (int) ( t - prv->start ) > ssl->timeout )
- continue;
-
- if( ssl->session->ciphersuite != prv->ciphersuite ||
- ssl->session->length != prv->length )
- continue;
-
- if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
- continue;
-
- memcpy( ssl->session->master, prv->master, 48 );
- return( 0 );
- }
-
- return( 1 );
-}
-
-static int my_set_session( ssl_context *ssl )
-{
- time_t t = time( NULL );
-
- cur = s_list_1st;
- prv = NULL;
-
- while( cur != NULL )
- {
- if( ssl->timeout != 0 && (int) ( t - cur->start ) > ssl->timeout )
- break; /* expired, reuse this slot */
-
- if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
- break; /* client reconnected */
-
- prv = cur;
- cur = cur->next;
- }
-
- if( cur == NULL )
- {
- cur = (ssl_session *) malloc( sizeof( ssl_session ) );
- if( cur == NULL )
- return( 1 );
-
- if( prv == NULL )
- s_list_1st = cur;
- else prv->next = cur;
- }
-
- memcpy( cur, ssl->session, sizeof( ssl_session ) );
-
- return( 0 );
-}
-
#if defined(POLARSSL_FS_IO)
#define USAGE_IO \
" ca_file=%%s default: \"\" (pre-loaded)\n" \
@@ -218,10 +148,12 @@
entropy_context entropy;
ctr_drbg_context ctr_drbg;
ssl_context ssl;
- ssl_session ssn;
x509_cert cacert;
x509_cert srvcert;
rsa_context rsa;
+#if defined(POLARSSL_SSL_CACHE_C)
+ ssl_cache_context cache;
+#endif
int i;
size_t j, n;
@@ -232,11 +164,12 @@
* Make sure memory references are valid.
*/
listen_fd = 0;
- memset( &ssn, 0, sizeof( ssl_session ) );
- memset( &ssl, 0, sizeof( ssl_context ) );
memset( &cacert, 0, sizeof( x509_cert ) );
memset( &srvcert, 0, sizeof( x509_cert ) );
memset( &rsa, 0, sizeof( rsa_context ) );
+#if defined(POLARSSL_SSL_CACHE_C)
+ ssl_cache_init( &cache );
+#endif
if( argc == 0 )
{
@@ -455,8 +388,10 @@
ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
ssl_set_dbg( &ssl, my_debug, stdout );
- ssl_set_scb( &ssl, my_get_session,
- my_set_session );
+#if defined(POLARSSL_SSL_CACHE_C)
+ ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
+ ssl_cache_set, &cache );
+#endif
if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
@@ -466,8 +401,6 @@
ssl_set_renegotiation( &ssl, opt.renegotiation );
ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
- ssl_set_session( &ssl, 1, 0, &ssn );
-
ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
@@ -673,10 +606,12 @@
x509_free( &srvcert );
x509_free( &cacert );
rsa_free( &rsa );
- ssl_session_free( &ssn );
- ssl_session_free( s_list_1st );
ssl_free( &ssl );
+#if defined(POLARSSL_SSL_CACHE_C)
+ ssl_cache_free( &cache );
+#endif
+
#if defined(_WIN32)
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
