diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2007-08-28 01:08:45 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2007-08-28 01:08:45 +0000 |
commit | 94d511cdbd4b12d36e26a9b8f482e5e54c6c227a (patch) | |
tree | 1ca8c19c2b3b5462cbf6b16d410315d91a22048f /ssl/s3_lib.c | |
parent | ec5d747328d33ab9c9ab99629ae7a110669f138b (diff) |
Add ctrls to set and get RFC4507bis keys to enable several contexts to
reuse the same tickets.
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 872f8fdd89..7a4ddd8548 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2536,6 +2536,31 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: ctx->tlsext_servername_arg=parg; break; + case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: + case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: + { + unsigned char *keys = parg; + if (!keys) + return 48; + if (larg != 48) + { + SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH); + return 0; + } + if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) + { + memcpy(ctx->tlsext_tick_key_name, keys, 16); + memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16); + memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); + } + else + { + memcpy(keys, ctx->tlsext_tick_key_name, 16); + memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16); + memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16); + } + return 1; + } #endif /* !OPENSSL_NO_TLSEXT */ /* A Thawte special :-) */ case SSL_CTRL_EXTRA_CHAIN_CERT: |