author | bodo <bodo> | 2010-08-26 15:15:45 +0000 |
---|---|---|
committer | bodo <bodo> | 2010-08-26 15:15:45 +0000 |
commit | b35754f1437b1da658b0feb473b256b4169a2beb (patch) | |
tree | dc5adca8fb19becbaaca8cfc799a5b6396ddfecf /ssl/s3_srvr.c | |
parent | 89e811a25cae5a3cbc548007b0e1db2d267c0026 (diff) | |
download | openssl-b35754f1437b1da658b0feb473b256b4169a2beb.tar.gz |
For better forward-security support, add functions
SSL_[CTX_]set_not_resumable_session_callback.
Submitted by: Emilia Kasper (Google)
[A part of this change affecting ssl/s3_lib.c was accidentally committed
separately, together with a compilation fix for that file;
see s3_lib.c CVS revision 1.133 (http://cvs.openssl.org/chngview?cn=19855).]
Diffstat (limited to 'ssl/s3_srvr.c')
-rw-r--r-- | ssl/s3_srvr.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index c2874e7fe..bc6ece47c 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1251,6 +1251,13 @@ int ssl3_get_client_hello(SSL *s)
 goto f_err;
 }
 s->s3->tmp.new_cipher=c;
+ /* check whether we should disable session resumption */
+ if (s->not_resumable_session_cb != NULL)
+ s->session->not_resumable=s->not_resumable_session_cb(s,
+ ((c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)) != 0));
+ if (s->session->not_resumable)
+ /* do not send a session ticket */
+ s->tlsext_ticket_expected = 0;
 }
 else
 {
@@ -1354,8 +1361,9 @@ int ssl3_send_server_hello(SSL *s)
 * if session caching is disabled so existing functionality
 * is unaffected.
 */
- if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
- && !s->hit)
+ if (s->session->not_resumable ||
+ (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+ && !s->hit))
 s->session->session_id_length=0;
 sl=s->session->session_id_length; |
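Review bot: The `if (s->session->not_resumable)` test runs even when `s->not_resumable_session_cb` is NULL, so it silently relies on that field being zero for a freshly created session; the session's allocation and the enclosing `if` both lie outside the hunk, so this is inferred rather than visible. A one-line comment would make the dependency explicit, e.g. `/* not_resumable is 0 for a fresh session unless the callback set it */` above the second `if`. The second argument to the callback is an unnamed boolean derived from `SSL_kEDH | SSL_kEECDH`; `/* is_forward_secure: ephemeral (EC)DH key exchange was chosen */` next to the call would say what the flag encodes for callback authors. The unbraced `if` bodies with a comment wedged between condition and statement are exactly the shape in which a later misplaced line goes unnoticed; braces around both bodies would cost nothing.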
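Review bot: The comment ending just above the changed condition (`* if session caching is disabled so existing functionality`, `* is unaffected.`) now describes only the second operand, while the new first operand `s->session->not_resumable ||` is left unexplained at the one place a reader will look for it. Suggest extending that comment with a line such as `* or when the not_resumable callback marked this session single-use,` so the zero-length session ID in the ServerHello is tied to the forward-security intent of the commit. Zeroing `session_id_length` presumably also keeps the session out of the server-side cache, but the cache update is not in this hunk, so that expectation belongs in the comment as a stated assumption rather than an unstated one. ssl3_send_server_hello continues outside the hunk.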