author | Hauke Mehrtens <hauke@hauke-m.de> | 2018-05-21 14:02:44 +0200 |
---|---|---|
committer | John Crispin <john@phrozen.org> | 2018-05-22 20:37:16 +0200 |
commit | e8a14691313d72bac27f9060bc536cf2ad23256b (patch) | |
tree | fe743f143882b016715be4f6a58bab8154d66fc7 | |
parent | 527e7002d0429465bd49c0c0d416ef22fbf5ae86 (diff) | |
download | ustream-ssl-e8a14691313d72bac27f9060bc536cf2ad23256b.tar.gz |
mbedtls: Add support for a session cache
This allows the client to reuse the settings from a previous session and
no full key exchange is needed.
The partial key exchange takes less than 0.1 seconds compared to over
a second needed for a full key exchange.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
-rw-r--r-- | ustream-mbedtls.c | 14 | ||||
-rw-r--r-- | ustream-mbedtls.h | 7 |
2 files changed, 21 insertions, 0 deletions
diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index e176afe..0b747d2 100644
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -138,6 +138,12 @@ __ustream_ssl_context_new(bool server)
 	mbedtls_x509_crt_init(&ctx->cert);
 	mbedtls_x509_crt_init(&ctx->ca_cert);
+#if defined(MBEDTLS_SSL_CACHE_C)
+	mbedtls_ssl_cache_init(&ctx->cache);
+	mbedtls_ssl_cache_set_timeout(&ctx->cache, 30 * 60);
+	mbedtls_ssl_cache_set_max_entries(&ctx->cache, 5);
+#endif
 	conf = &ctx->conf;
 	mbedtls_ssl_config_init(conf);
@@ -154,6 +160,11 @@ __ustream_ssl_context_new(bool server)
 	mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_NONE);
 	mbedtls_ssl_conf_rng(conf, _urandom, NULL);
+#if defined(MBEDTLS_SSL_CACHE_C)
+	mbedtls_ssl_conf_session_cache(conf, &ctx->cache,
+				       mbedtls_ssl_cache_get,
+				       mbedtls_ssl_cache_set);
+#endif
 	return ctx;
 }
@@ -214,6 +225,9 @@ __hidden int __ustream_ssl_set_key_file(struct ustream_ssl_ctx *ctx, const char
 __hidden void __ustream_ssl_context_free(struct ustream_ssl_ctx *ctx)
 {
+#if defined(MBEDTLS_SSL_CACHE_C)
+	mbedtls_ssl_cache_free(&ctx->cache);
+#endif
 	mbedtls_pk_free(&ctx->key);
 	mbedtls_x509_crt_free(&ctx->ca_cert);
 	mbedtls_x509_crt_free(&ctx->cert);
diff --git a/ustream-mbedtls.h b/ustream-mbedtls.h
index a489867..70bd4ea 100644
--- a/ustream-mbedtls.h
+++ b/ustream-mbedtls.h
@@ -28,11 +28,18 @@
 #include <mbedtls/version.h>
 #include <mbedtls/entropy.h>
+#if defined(MBEDTLS_SSL_CACHE_C)
+#include <mbedtls/ssl_cache.h>
+#endif
 struct ustream_ssl_ctx {
 	mbedtls_ssl_config conf;
 	mbedtls_pk_context key;
 	mbedtls_x509_crt ca_cert;
 	mbedtls_x509_crt cert;
+#if defined(MBEDTLS_SSL_CACHE_C)
+	mbedtls_ssl_cache_context cache;
+#endif
 	bool server;
 };
|
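Review bot: The `30 * 60` and `5` passed to `mbedtls_ssl_cache_set_timeout` and `mbedtls_ssl_cache_set_max_entries` in the first hunk are unexplained magic numbers, and the timeout is the security-relevant one: each cache entry keeps a session's master secret resident in the process for that long, so the value is a lifetime trade-off rather than a tuning detail. Give them names and state the trade-off where they are defined, e.g. `enum { USTREAM_SSL_CACHE_TIMEOUT = 30 * 60, USTREAM_SSL_CACHE_MAX_ENTRIES = 5 };` near the top of the file with the comment `/* Seconds a resumable session (and its master secret) stays cached; keep short. */`. A one-line comment above the `#if defined(MBEDTLS_SSL_CACHE_C)` block saying that the cache enables an abbreviated handshake for returning peers would also help readers unfamiliar with mbedtls. The enclosing `__ustream_ssl_context_new` begins before this hunk and continues past it.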
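Review bot: In the second hunk `mbedtls_ssl_conf_session_cache` — which installs mbedtls' server-side session cache — is called for every context regardless of the `server` parameter, so client contexts also initialise and carry a cache they never consult, and the commit message's statement that this lets the client reuse a previous session does not match what the code adds (client-side resumption in mbedtls goes through `mbedtls_ssl_get_session`/`mbedtls_ssl_set_session`, which are not touched here). Guarding the call keeps secret-holding state out of client processes and makes the intent explicit: `if (server)` placed directly before the `mbedtls_ssl_conf_session_cache(conf, &ctx->cache, ...)` call, inside the existing `#if`. The same `server` test could wrap the `mbedtls_ssl_cache_init`/`set_timeout`/`set_max_entries` calls in the first hunk, though `mbedtls_ssl_cache_free` in the third hunk should then stay unconditional only if the init does too, so the two must be changed together. `__ustream_ssl_context_new` starts outside this hunk.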