- Added simple SSL session cache implementation

- Revamped session resumption handling
2012-09-25 21:55:46 +00:00 · 2012-09-25 21:55:46 +00:00 · 0a59707523
commit 0a59707523
parent 1a0f552030
18 changed files with 408 additions and 372 deletions
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -45,6 +45,10 @@
 #include "polarssl/x509.h"
 #include "polarssl/error.h"

+#if defined(POLARSSL_SSL_CACHE_C)
+#include "polarssl/ssl_cache.h"
+#endif
+
 #define DFL_SERVER_PORT         4433
 #define DFL_REQUEST_PAGE        "/"
 #define DFL_DEBUG_LEVEL         0
@ -94,80 +98,6 @@ void my_debug( void *ctx, int level, const char *str )
    }
 }

-/*
- * These session callbacks use a simple chained list
- * to store and retrieve the session information.
- */
-ssl_session *s_list_1st = NULL;
-ssl_session *cur, *prv;
-
-static int my_get_session( ssl_context *ssl )
-{
-    time_t t = time( NULL );
-
-    if( ssl->resume == 0 )
-        return( 1 );
-
-    cur = s_list_1st;
-    prv = NULL;
-
-    while( cur != NULL )
-    {
-        prv = cur;
-        cur = cur->next;
-
-        if( ssl->timeout != 0 && (int) ( t - prv->start ) > ssl->timeout )
-            continue;
-
-        if( ssl->session->ciphersuite != prv->ciphersuite ||
-            ssl->session->length != prv->length )
-            continue;
-
-        if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
-            continue;
-
-        memcpy( ssl->session->master, prv->master, 48 );
-        return( 0 );
-    }
-
-    return( 1 );
-}
-
-static int my_set_session( ssl_context *ssl )
-{
-    time_t t = time( NULL );
-
-    cur = s_list_1st;
-    prv = NULL;
-
-    while( cur != NULL )
-    {
-        if( ssl->timeout != 0 && (int) ( t - cur->start ) > ssl->timeout )
-            break; /* expired, reuse this slot */
-
-        if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
-            break; /* client reconnected */
-
-        prv = cur;
-        cur = cur->next;
-    }
-
-    if( cur == NULL )
-    {
-        cur = (ssl_session *) malloc( sizeof( ssl_session ) );
-        if( cur == NULL )
-            return( 1 );
-
-        if( prv == NULL )
-              s_list_1st = cur;
-        else  prv->next  = cur;
-    }
-
-    memcpy( cur, ssl->session, sizeof( ssl_session ) );
-
-    return( 0 );
-}
-
 #if defined(POLARSSL_FS_IO)
 #define USAGE_IO \
    "    ca_file=%%s          default: \"\" (pre-loaded)\n" \
@ -218,10 +148,12 @@ int main( int argc, char *argv[] )
    entropy_context entropy;
    ctr_drbg_context ctr_drbg;
    ssl_context ssl;
-    ssl_session ssn;
    x509_cert cacert;
    x509_cert srvcert;
    rsa_context rsa;
+#if defined(POLARSSL_SSL_CACHE_C)
+    ssl_cache_context cache;
+#endif

    int i;
    size_t j, n;
@ -232,11 +164,12 @@ int main( int argc, char *argv[] )
     * Make sure memory references are valid.
     */
    listen_fd = 0;
-    memset( &ssn, 0, sizeof( ssl_session ) );
-    memset( &ssl, 0, sizeof( ssl_context ) );
    memset( &cacert, 0, sizeof( x509_cert ) );
    memset( &srvcert, 0, sizeof( x509_cert ) );
    memset( &rsa, 0, sizeof( rsa_context ) );
+#if defined(POLARSSL_SSL_CACHE_C)
+    ssl_cache_init( &cache );
+#endif

    if( argc == 0 )
    {
@ -455,8 +388,10 @@ int main( int argc, char *argv[] )
    ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
    ssl_set_dbg( &ssl, my_debug, stdout );

-    ssl_set_scb( &ssl, my_get_session,
-                       my_set_session );
+#if defined(POLARSSL_SSL_CACHE_C)
+    ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
+                                 ssl_cache_set, &cache );
+#endif

    if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER )
        ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
@ -466,8 +401,6 @@ int main( int argc, char *argv[] )
    ssl_set_renegotiation( &ssl, opt.renegotiation );
    ssl_legacy_renegotiation( &ssl, opt.allow_legacy );

-    ssl_set_session( &ssl, 1, 0, &ssn );
-
    ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
    ssl_set_own_cert( &ssl, &srvcert, &rsa );

@ -673,10 +606,12 @@ exit:
    x509_free( &srvcert );
    x509_free( &cacert );
    rsa_free( &rsa );
-    ssl_session_free( &ssn );
-    ssl_session_free( s_list_1st );
    ssl_free( &ssl );

+#if defined(POLARSSL_SSL_CACHE_C)
+    ssl_cache_free( &cache );
+#endif
+
 #if defined(_WIN32)
    printf( "  + Press Enter to exit this program.\n" );
    fflush( stdout ); getchar();