diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 2fa9a8133..e67ad8b07 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -127,6 +127,7 @@ int main(void)
 #define DFL_TICKET_AEAD MBEDTLS_CIPHER_AES_256_GCM
 #define DFL_CACHE_MAX -1
 #define DFL_CACHE_TIMEOUT -1
+#define DFL_CACHE_REMOVE 0
 #define DFL_SNI NULL
 #define DFL_ALPN_STRING NULL
 #define DFL_CURVES NULL
@@ -326,9 +327,12 @@ int main(void)
 #else
 #define USAGE_CACHE_TIME ""
 #endif
+#define USAGE_CACHE_REMOVE \
+ " cache_remove=%%d default: 0 (disabled)\n"
 #else
 #define USAGE_CACHE ""
 #define USAGE_CACHE_TIME ""
+#define USAGE_CACHE_REMOVE ""
 #endif /* MBEDTLS_SSL_CACHE_C */
 #if defined(SNI_OPTION)
@@ -549,6 +553,7 @@ int main(void)
 USAGE_NSS_KEYLOG_FILE \
 USAGE_CACHE \
 USAGE_CACHE_TIME \
+ USAGE_CACHE_REMOVE \
 USAGE_MAX_FRAG_LEN \
 USAGE_ALPN \
 USAGE_EMS \
@@ -667,6 +672,7 @@ struct options {
 #if defined(MBEDTLS_HAVE_TIME)
 int cache_timeout; /* expiration delay of session cache entries*/
 #endif
+ int cache_remove; /* enable / disable cache removement */
 char *sni; /* string describing sni information */
 const char *curves; /* list of supported elliptic curves */
 const char *sig_algs; /* supported TLS 1.3 signature algorithms */
@@ -1729,6 +1735,7 @@ usage:
 #if defined(MBEDTLS_HAVE_TIME)
 opt.cache_timeout = DFL_CACHE_TIMEOUT;
 #endif
+ opt.cache_remove = DFL_CACHE_REMOVE;
 opt.sni = DFL_SNI;
 opt.alpn_string = DFL_ALPN_STRING;
 opt.curves = DFL_CURVES;
@@ -2142,7 +2149,12 @@ usage:
 }
 }
 #endif
- else if (strcmp(p, "cookies") == 0) {
+ else if (strcmp(p, "cache_remove") == 0) {
+ opt.cache_remove = atoi(q);
+ if (opt.cache_remove < 0 || opt.cache_remove > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "cookies") == 0) {
 opt.cookies = atoi(q);
 if (opt.cookies < -1 || opt.cookies > 1) {
 goto usage;
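Review bot: The help text added as `USAGE_CACHE_REMOVE` says only `default: 0 (disabled)` and never states what is removed or when; the field comment in the `struct options` hunk (`enable / disable cache removement`) is equally vague. Going by the close_notify hunk, the option drops the session that was just used from the server's session cache before the server loops, so the usage line could read `cache_remove=%%d default: 0 (keep session in cache after close)` and the field comment `/* remove the session from the cache after each connection (0/1) */`. Spelling this out matters because the flag decides whether that session ID remains resumable.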
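Review bot: In the new `cache_remove` branch, `atoi(q)` yields 0 for an empty or non-numeric value, so an input such as `cache_remove=on` passes the `< 0 || > 1` check and silently leaves removal disabled instead of reaching `goto usage`. This mirrors the `cookies` branch just below it, so it is consistent with the file, but for a flag that controls session invalidation a mistyped value should fail loudly; parsing with `strtol` and rejecting when `*end != '\0'` would do that. The branch also follows an `#endif` whose opening lies outside the hunk, so it appears to be accepted in builds without `MBEDTLS_SSL_CACHE_C`, where the close_notify hunk compiles the removal out and the option becomes a silent no-op.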
@@ -4125,6 +4137,12 @@ close_notify:
 mbedtls_printf(" done\n");
+#if defined(MBEDTLS_SSL_CACHE_C)
+ if (opt.cache_remove > 0) {
+ mbedtls_ssl_cache_remove(&cache, ssl.session->id, ssl.session->id_len);
+ }
+#endif
+
 goto reset;
 /*
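Review bot: The return value of `mbedtls_ssl_cache_remove()` is discarded, so if the entry is not found or the call fails, the server proceeds to `reset` as though the session had been invalidated, and a test that relies on the session no longer being resumable gets no signal. Capture and report it, e.g. `int rm_ret = mbedtls_ssl_cache_remove(&cache, ssl.session->id, ssl.session->id_len);` followed by `if (rm_ret != 0) mbedtls_printf("  ! mbedtls_ssl_cache_remove returned -0x%x\n", (unsigned int) -rm_ret);`. The call also dereferences `ssl.session` unguarded; the code leading to `close_notify` is outside the hunk, so if any path can arrive here without an established session, the condition should become `if (opt.cache_remove > 0 && ssl.session != NULL) {`.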