Add tests for cache timeout
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 8ecaf4b..e266ca3 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -37,6 +37,10 @@
#include "polarssl/x509.h"
#include "polarssl/error.h"
+#if defined(POLARSSL_TIMING_C)
+#include "polarssl/timing.h"
+#endif
+
#define DFL_SERVER_NAME "localhost"
#define DFL_SERVER_PORT 4433
#define DFL_REQUEST_PAGE "/"
@@ -57,6 +61,7 @@
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
#define DFL_TRUNC_HMAC 0
#define DFL_RECONNECT 0
+#define DFL_RECO_DELAY 0
#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
#define LONG_HEADER "User-agent: blah-blah-blah-blah-blah-blah-blah-blah-" \
@@ -97,6 +102,7 @@
unsigned char mfl_code; /* code for maximum fragment length */
int trunc_hmac; /* negotiate truncated hmac or not */
int reconnect; /* attempt to resume session */
+ int reco_delay; /* delay in seconds before resuming session */
int tickets; /* enable / disable session tickets */
} opt;
@@ -198,6 +204,13 @@
#define USAGE_MAX_FRAG_LEN ""
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(POLARSSL_TIMING_C)
+#define USAGE_TIME \
+ " reco_delay=%%d default: 0 seconds\n"
+#else
+#define USAGE_TIME ""
+#endif /* POLARSSL_TIMING_C */
+
#define USAGE \
"\n usage: ssl_client2 param=<>...\n" \
"\n acceptable parameters:\n" \
@@ -216,6 +229,7 @@
" allow_legacy=%%d default: 0 (disabled)\n" \
" renegotiate=%%d default: 0 (disabled)\n" \
" reconnect=%%d default: 0 (disabled)\n" \
+ USAGE_TIME \
USAGE_TICKETS \
USAGE_MAX_FRAG_LEN \
USAGE_TRUNC_HMAC \
@@ -320,6 +334,7 @@
opt.mfl_code = DFL_MFL_CODE;
opt.trunc_hmac = DFL_TRUNC_HMAC;
opt.reconnect = DFL_RECONNECT;
+ opt.reco_delay = DFL_RECO_DELAY;
opt.tickets = DFL_TICKETS;
for( i = 1; i < argc; i++ )
@@ -393,6 +408,12 @@
if( opt.reconnect < 0 || opt.reconnect > 2 )
goto usage;
}
+ else if( strcmp( p, "reco_delay" ) == 0 )
+ {
+ opt.reco_delay = atoi( q );
+ if( opt.reco_delay < 0 )
+ goto usage;
+ }
else if( strcmp( p, "tickets" ) == 0 )
{
opt.tickets = atoi( q );
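Review bot: The only bound on `reco_delay` is `< 0`, but the value is later multiplied in `m_sleep( 1000 * opt.reco_delay )` (hunk at -892), so anything above INT_MAX / 1000 overflows a signed int, which is undefined behaviour. Tightening the check to `if( opt.reco_delay < 0 || opt.reco_delay > INT_MAX / 1000 )` (with `<limits.h>` if it is not already included) closes that. `atoi` also returns 0 for non-numeric input and is undefined for out-of-range values, so a typo silently becomes "no delay". `strtol` with an end-pointer check would reject it, and the same applies to the `cache_timeout` parsing in ssl_server2.c. The option-parsing loop starts and ends outside this hunk.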
@@ -892,8 +913,10 @@
{
--opt.reconnect;
- // printf( " ! Press a key to reconnect\n" );
- // (void) getchar();
+#if defined(POLARSSL_TIMING_C)
+ if( opt.reco_delay > 0 )
+ m_sleep( 1000 * opt.reco_delay );
+#endif
printf( " . Reconnecting with saved session..." );
fflush( stdout );
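Review bot: Without POLARSSL_TIMING_C the sleep is compiled out, but the `reco_delay` option is still parsed and accepted (hunk at -393), so a cache-timeout test run against such a build reconnects immediately with no diagnostic. Wrapping the `else if( strcmp( p, "reco_delay" ) == 0 )` branch in the same `#if defined(POLARSSL_TIMING_C)` would send the option to `usage` instead, matching the empty `USAGE_TIME`. The surrounding reconnect block continues outside the hunk.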
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 54ba769..a95bcad 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -70,6 +70,7 @@
#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
#define DFL_CACHE_MAX -1
+#define DFL_CACHE_TIMEOUT -1
#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
"02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
@@ -112,6 +113,7 @@
unsigned char mfl_code; /* code for maximum fragment length */
int tickets; /* enable / disable session tickets */
int cache_max; /* max number of session cache entries */
+ int cache_timeout; /* expiration delay of session cache entries */
} opt;
static void my_debug( void *ctx, int level, const char *str )
@@ -166,7 +168,8 @@
#if defined(POLARSSL_SSL_CACHE_C)
#define USAGE_CACHE \
- " cache_max=%%d default: cache default (50)\n"
+ " cache_max=%%d default: cache default (50)\n" \
+ " cache_timeout=%%d default: cache default (1d)\n"
#else
#define USAGE_CACHE ""
#endif /* POLARSSL_SSL_CACHE_C */
@@ -196,6 +199,7 @@
" allow_legacy=%%d default: 0 (disabled)\n" \
" renegotiate=%%d default: 0 (disabled)\n" \
USAGE_TICKETS \
+ USAGE_CACHE \
USAGE_MAX_FRAG_LEN \
"\n" \
" min_version=%%s default: \"ssl3\"\n" \
@@ -317,6 +321,7 @@
opt.mfl_code = DFL_MFL_CODE;
opt.tickets = DFL_TICKETS;
opt.cache_max = DFL_CACHE_MAX;
+ opt.cache_timeout = DFL_CACHE_TIMEOUT;
for( i = 1; i < argc; i++ )
{
@@ -472,6 +477,12 @@
if( opt.cache_max < 0 )
goto usage;
}
+ else if( strcmp( p, "cache_timeout" ) == 0 )
+ {
+ opt.cache_timeout = atoi( q );
+ if( opt.cache_timeout < 0 )
+ goto usage;
+ }
else
goto usage;
}
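Review bot: The `< 0` check admits `cache_timeout=0`, and if I read ssl_cache.h correctly, a timeout of 0 means cached sessions never expire rather than expire immediately. Since `atoi` returns 0 for non-numeric input, a mistyped value lands on that setting as well. The usage text gives neither the unit nor the meaning of 0; consider `" cache_timeout=%%d default: cache default (1d), in seconds, 0 = no timeout\n"` in the USAGE_CACHE hunk and `/* session cache entry lifetime in seconds (0: no timeout) */` on the struct field. The parsing loop begins outside this hunk.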
@@ -745,6 +756,9 @@
if( opt.cache_max != -1 )
ssl_cache_set_max_entries( &cache, opt.cache_max );
+ if( opt.cache_timeout != -1 )
+ ssl_cache_set_timeout( &cache, opt.cache_timeout );
+
ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
ssl_cache_set, &cache );
#endif