Add test for ssl_cache max_entries
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 955d878..54ba769 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -69,6 +69,7 @@
#define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
+#define DFL_CACHE_MAX -1
#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
"02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
@@ -110,6 +111,7 @@
int auth_mode; /* verify mode for connection */
unsigned char mfl_code; /* code for maximum fragment length */
int tickets; /* enable / disable session tickets */
+ int cache_max; /* max number of session cache entries */
} opt;
static void my_debug( void *ctx, int level, const char *str )
@@ -162,6 +164,13 @@
#define USAGE_TICKETS ""
#endif /* POLARSSL_SSL_SESSION_TICKETS */
+#if defined(POLARSSL_SSL_CACHE_C)
+#define USAGE_CACHE \
+ " cache_max=%%d default: cache default (50)\n"
+#else
+#define USAGE_CACHE ""
+#endif /* POLARSSL_SSL_CACHE_C */
+
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
#define USAGE_MAX_FRAG_LEN \
" max_frag_len=%%d default: 16384 (tls default)\n" \
@@ -307,6 +316,7 @@
opt.auth_mode = DFL_AUTH_MODE;
opt.mfl_code = DFL_MFL_CODE;
opt.tickets = DFL_TICKETS;
+ opt.cache_max = DFL_CACHE_MAX;
for( i = 1; i < argc; i++ )
{
@@ -456,6 +466,12 @@
if( opt.tickets < 0 || opt.tickets > 1 )
goto usage;
}
+ else if( strcmp( p, "cache_max" ) == 0 )
+ {
+ opt.cache_max = atoi( q );
+ if( opt.cache_max < 0 )
+ goto usage;
+ }
else
goto usage;
}
@@ -726,6 +742,9 @@
ssl_set_dbg( &ssl, my_debug, stdout );
#if defined(POLARSSL_SSL_CACHE_C)
+ if( opt.cache_max != -1 )
+ ssl_cache_set_max_entries( &cache, opt.cache_max );
+
ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
ssl_cache_set, &cache );
#endif
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 0dd072b..a60248d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -102,7 +102,7 @@
# Tests for Session Tickets
-run_test "Session resume using tickets" \
+run_test "Session resume using tickets #1" \
"debug_level=4 tickets=1" \
"debug_level=4 reconnect=1 tickets=1" \
0 \
@@ -111,7 +111,16 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-# Test for Session Resume base in session-ID and cache
+run_test "Session resume using tickets #2" \
+ "debug_level=4 tickets=1 cache_max=0" \
+ "debug_level=4 reconnect=1 tickets=1" \
+ 0 \
+ -S "session successfully restored from cache" \
+ -s "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
+# Test for Session Resume based on session-ID and cache
run_test "Session resume using cache #1" \
"debug_level=4 tickets=0" \
@@ -131,6 +140,24 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+run_test "Session resume using cache #3" \
+ "debug_level=4 tickets=0 cache_max=0" \
+ "debug_level=4 reconnect=1 tickets=0" \
+ 0 \
+ -S "session successfully restored from cache" \
+ -S "session successfully restored from ticket" \
+ -s "no session has been resumed" \
+ -c "no session has been resumed"
+
+run_test "Session resume using cache #4" \
+ "debug_level=4 tickets=1 cache_max=1" \
+ "debug_level=4 reconnect=1 tickets=0" \
+ 0 \
+ -s "session successfully restored from cache" \
+ -S "session successfully restored from ticket" \
+ -s "a session has been resumed" \
+ -c "a session has been resumed"
+
# Tests for Max Fragment Length extension
run_test "Max fragment length #1" \
