- Added simple SSL session cache implementation

- Revamped session resumption handling
2012-09-25 21:55:46 +00:00 · 2012-09-25 21:55:46 +00:00 · 0a59707523
commit 0a59707523
parent 1a0f552030
18 changed files with 408 additions and 372 deletions
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@ -126,80 +126,6 @@ void my_debug( void *ctx, int level, const char *str )
    }
 }

-/*
- * These session callbacks use a simple chained list
- * to store and retrieve the session information.
- */
-ssl_session *s_list_1st = NULL;
-ssl_session *cur, *prv;
-
-static int my_get_session( ssl_context *ssl )
-{
-    time_t t = time( NULL );
-
-    if( ssl->resume == 0 )
-        return( 1 );
-
-    cur = s_list_1st;
-    prv = NULL;
-
-    while( cur != NULL )
-    {
-        prv = cur;
-        cur = cur->next;
-
-        if( ssl->timeout != 0 && t - prv->start > ssl->timeout )
-            continue;
-
-        if( ssl->session->ciphersuite != prv->ciphersuite ||
-            ssl->session->length != prv->length )
-            continue;
-
-        if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
-            continue;
-
-        memcpy( ssl->session->master, prv->master, 48 );
-        return( 0 );
-    }
-
-    return( 1 );
-}
-
-static int my_set_session( ssl_context *ssl )
-{
-    time_t t = time( NULL );
-
-    cur = s_list_1st;
-    prv = NULL;
-
-    while( cur != NULL )
-    {
-        if( ssl->timeout != 0 && t - cur->start > ssl->timeout )
-            break; /* expired, reuse this slot */
-
-        if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
-            break; /* client reconnected */
-
-        prv = cur;
-        cur = cur->next;
-    }
-
-    if( cur == NULL )
-    {
-        cur = (ssl_session *) malloc( sizeof( ssl_session ) );
-        if( cur == NULL )
-            return( 1 );
-
-        if( prv == NULL )
-              s_list_1st = cur;
-        else  prv->next  = cur;
-    }
-
-    memcpy( cur, ssl->session, sizeof( ssl_session ) );
-
-    return( 0 );
-}
-
 int main( int argc, char *argv[] )
 {
    int ret, len, cnt = 0, pid;
@ -211,7 +137,6 @@ int main( int argc, char *argv[] )
    entropy_context entropy;
    ctr_drbg_context ctr_drbg;
    ssl_context ssl;
-    ssl_session ssn;
    x509_cert srvcert;
    rsa_context rsa;

@ -369,13 +294,8 @@ int main( int argc, char *argv[] )
        ssl_set_dbg( &ssl, my_debug, stdout );
        ssl_set_bio( &ssl, net_recv, &client_fd,
                           net_send, &client_fd );
-        ssl_set_scb( &ssl, my_get_session,
-                           my_set_session );

        ssl_set_ciphersuites( &ssl, my_ciphersuites );
-        ssl_set_session( &ssl, 1, 0, &ssn );
-
-        memset( &ssn, 0, sizeof( ssl_session ) );

        ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
        ssl_set_own_cert( &ssl, &srvcert, &rsa );
@ -482,17 +402,6 @@ exit:
    rsa_free( &rsa );
    ssl_free( &ssl );

-    cur = s_list_1st;
-    while( cur != NULL )
-    {
-        prv = cur;
-        cur = cur->next;
-        memset( prv, 0, sizeof( ssl_session ) );
-        free( prv );
-    }
-
-    memset( &ssl, 0, sizeof( ssl_context ) );
-
 #if defined(_WIN32)
    printf( "  Press Enter to exit this program.\n" );
    fflush( stdout ); getchar();