diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 87454b2fb..41cd4e4c0 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2491,14 +2491,10 @@ send_request:
 size_t buf_len;
 unsigned char *context_buf = NULL;
- opt.serialize = 0;
- mbedtls_printf( " Serializing live connection..." );
+ mbedtls_printf( " . Serializing live connection..." );
 ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &buf_len );
-
- /* Allow stub implementation returning 0 for now */
- if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL &&
- ret != 0 )
+ if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
 {
 mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
 "-0x%x\n\n", -ret );
@@ -2517,14 +2513,32 @@ send_request:
 if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf, buf_len, &buf_len ) ) != 0 )
 {
- mbedtls_printf( "failed\n ! mbedtls_ssl_context_save returned "
+ mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
 "-0x%x\n\n", -ret );
 goto exit;
 }
+ mbedtls_printf( " ok\n" );
+
+ if( opt.serialize == 1 )
+ {
+ mbedtls_printf( " . Reseting context..." );
+
+ if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned "
+ "-0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+ }
+
 if( opt.serialize == 2 )
 {
+ mbedtls_printf( " . Freeing and reinitializing context..." );
+
 mbedtls_ssl_free( &ssl );
 mbedtls_ssl_init( &ssl );
@@ -2532,7 +2546,7 @@ send_request:
 if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
 {
 mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned "
- " -0x%x\n\n", -ret );
+ "-0x%x\n\n", -ret );
 goto exit;
 }
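Review bot: Removing `opt.serialize = 0;` is required now that `opt.serialize` is read further down to choose between the reset and the free-and-reinit path, but it also drops the one-shot guard this block had; the condition enclosing the block is outside the hunk, so if control returns to `send_request:` for further exchanges or a reconnect, the context would be saved, reset and loaded again on every pass. Worth confirming that is intended, or restoring the one-shot behaviour with a separate flag rather than by clearing the option. The tightened `if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )` also means a sizing call that returned 0 now prints `-0x0` as the failure code, which is a confusing message for that case. The same two points apply to the ssl_server2.c hunk at 3507.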
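Review bot: Each `goto exit` added in the `opt.serialize == 1` and `== 2` branches jumps out of the serialization block while `context_buf` is still allocated; that buffer is declared inside the block (`unsigned char *context_buf = NULL;` in the previous hunk's context lines), so unless `exit:` reaches it through a function-scope alias, every one of these failure paths leaks a buffer holding the serialized connection, including its key material. I would move `buf_len` and `context_buf` to function scope and release the buffer at `exit:` with `mbedtls_platform_zeroize( context_buf, buf_len ); mbedtls_free( context_buf );` — the zeroize matters more than the free here, and the success path after `mbedtls_ssl_context_load` (outside this hunk) should do the same. The user-facing string `" . Reseting context..."` should read `" . Resetting context..."`. Both points apply equally to the ssl_server2.c hunk at 3533.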
@@ -2540,8 +2554,8 @@ send_request:
 mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL );
 else
- mbedtls_ssl_set_bio( &ssl, &server_fd,
- mbedtls_net_send, mbedtls_net_recv,
+ mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send,
+ mbedtls_net_recv,
 opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
 #if defined(MBEDTLS_TIMING_C)
@@ -2557,9 +2571,11 @@ send_request:
 #endif
 }
 #endif /* MBEDTLS_TIMING_C */
+
+ mbedtls_printf( " ok\n" );
 }
- mbedtls_printf( " Deserializing connection..." );
+ mbedtls_printf( " . Deserializing connection..." );
 if( ( ret = mbedtls_ssl_context_load( &ssl, context_buf, buf_len ) ) != 0 )
@@ -2569,6 +2585,8 @@ send_request:
 goto exit;
 }
+
+ mbedtls_printf( " ok\n" );
 }
 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 9cca9c4d7..dbabc7a34 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3507,14 +3507,10 @@ data_exchange:
 size_t buf_len;
 unsigned char *context_buf = NULL;
- opt.serialize = 0;
- mbedtls_printf( " Serializing live connection..." );
+ mbedtls_printf( " . Serializing live connection..." );
 ret = mbedtls_ssl_context_save( &ssl, NULL, 0, &buf_len );
-
- /* Allow stub implementation returning 0 for now */
- if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL &&
- ret != 0 )
+ if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL )
 {
 mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
 "-0x%x\n\n", -ret );
@@ -3533,14 +3529,47 @@ data_exchange:
 if( ( ret = mbedtls_ssl_context_save( &ssl, context_buf, buf_len, &buf_len ) ) != 0 )
 {
- mbedtls_printf( "failed\n ! mbedtls_ssl_context_save returned "
+ mbedtls_printf( " failed\n ! mbedtls_ssl_context_save returned "
 "-0x%x\n\n", -ret );
 goto exit;
 }
+ mbedtls_printf( " ok\n" );
+
+ /*
+ * This simulates a workflow where you have a long-lived server
+ * instance, potentially with a pool of ssl_context objects, and you
+ * just want to re-use one while the connection is inactive: in that
+ * case you can just reset() it, and then it's ready to receive
+ * serialized data from another connection (or the same here).
+ */
+ if( opt.serialize == 1 )
+ {
+ mbedtls_printf( " . Reseting context..." );
+
+ if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned "
+ "-0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ mbedtls_printf( " ok\n" );
+ }
+
+ /*
+ * This simulates a workflow where you have one server instance per
+ * connection, and want to release it entire when the connection is
+ * inactive, and spawn it again when needed again - this would happen
+ * between ssl_free() and ssl_init() below, together with any other
+ * teardown/startup code needed - for example, preparing the
+ * ssl_config again (see section 3 "setup stuff" in this file).
+ */
 if( opt.serialize == 2 )
 {
+ mbedtls_printf( " . Freeing and reinitializing context..." );
+
 mbedtls_ssl_free( &ssl );
 mbedtls_ssl_init( &ssl );
@@ -3552,6 +3581,12 @@ data_exchange:
 goto exit;
 }
+ /*
+ * This illustrates the minimum amount of things you need to set
+ * up, however you could set up much more if desired, for example
+ * if you want to share your set up code between the case of
+ * establishing a new connection and this case.
+ */
 if( opt.nbio == 2 )
 mbedtls_ssl_set_bio( &ssl, &client_fd, my_send, my_recv, NULL );
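Review bot: The new comments have a few wording slips: `release it entire` should be `release it entirely`, and in the hunk at 3552 `share your set up code` should be `share your setup code`. The first comment also says a reset context is "ready to receive serialized data from another connection" without saying what that data must be; since a buffer produced by `mbedtls_ssl_context_save` contains the connection's keys, I would add one sentence there, e.g. `Note that the saved buffer holds the connection's secrets, so any store it passes through must keep it confidential, and only buffers this application produced with mbedtls_ssl_context_save() should be handed to mbedtls_ssl_context_load().`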
@@ -3573,9 +3608,11 @@ data_exchange:
 #endif
 }
 #endif /* MBEDTLS_TIMING_C */
+
+ mbedtls_printf( " ok\n" );
 }
- mbedtls_printf( " Deserializing connection..." );
+ mbedtls_printf( " . Deserializing connection..." );
 if( ( ret = mbedtls_ssl_context_load( &ssl, context_buf, buf_len ) ) != 0 )
@@ -3585,6 +3622,8 @@ data_exchange:
 goto exit;
 }
+
+ mbedtls_printf( " ok\n" );
 }
 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */