Add ctrls to set and get RFC4507bis keys to enable several contexts to

reuse the same tickets.
author: Dr. Stephen Henson <steve@openssl.org> 2007-08-28 01:08:45 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2007-08-28 01:08:45 +0000
commit: 94d511cdbd4b12d36e26a9b8f482e5e54c6c227a (patch)
tree: 1ca8c19c2b3b5462cbf6b16d410315d91a22048f /ssl/s3_lib.c
parent: ec5d747328d33ab9c9ab99629ae7a110669f138b (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 872f8fdd89..7a4ddd8548 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2536,6 +2536,31 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
 		ctx->tlsext_servername_arg=parg;
 		break;
+	case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
+	case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
+		{
+		unsigned char *keys = parg;
+		if (!keys)
+			return 48;
+		if (larg != 48)
+			{
+			SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
+			return 0;
+			}
+		if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
+			{
+			memcpy(ctx->tlsext_tick_key_name, keys, 16);
+			memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
+			memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
+			}
+		else
+			{
+			memcpy(keys, ctx->tlsext_tick_key_name, 16);
+			memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
+			memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
+			}
+		return 1;
+		}
 #endif /* !OPENSSL_NO_TLSEXT */
 	/* A Thawte special :-) */
 	case SSL_CTRL_EXTRA_CHAIN_CERT:
author	Dr. Stephen Henson <steve@openssl.org>	2007-08-28 01:08:45 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2007-08-28 01:08:45 +0000
commit	94d511cdbd4b12d36e26a9b8f482e5e54c6c227a (patch)
tree	1ca8c19c2b3b5462cbf6b16d410315d91a22048f /ssl/s3_lib.c
parent	ec5d747328d33ab9c9ab99629ae7a110669f138b (diff)