author | Dr. Stephen Henson <steve@openssl.org> | 2007-08-11 23:18:29 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2007-08-11 23:18:29 +0000 |
commit | 6434abbfc6ac0d5cb882844ed10fef5821039cf6 (patch) | |
tree | 04b0b4626e1ccd18fb80965716957144ceb839b9 /ssl/ssl_lib.c | |
parent | e45c100762baaaa0bfd9e9db136192ec09286a55 (diff) |
RFC4507 (including RFC4507bis) TLS stateless session resumption support
for OpenSSL.
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index ab15575eec..7fc60e46ec 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -151,6 +151,7 @@
 #include <openssl/objects.h>
 #include <openssl/lhash.h>
 #include <openssl/x509v3.h>
+#include <openssl/rand.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
@@ -336,6 +337,9 @@ SSL *SSL_new(SSL_CTX *ctx)
 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
 s->ctx=ctx;
 #ifndef OPENSSL_NO_TLSEXT
+ s->tlsext_debug_cb = 0;
+ s->tlsext_debug_arg = NULL;
+ s->tlsext_ticket_expected = 0;
 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
 s->initial_ctx=ctx;
 #endif
@@ -1545,6 +1549,12 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 #ifndef OPENSSL_NO_TLSEXT
 ret->tlsext_servername_callback = 0;
 ret->tlsext_servername_arg = NULL;
+ /* Setup RFC4507 ticket keys */
+ if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
+ || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
+ || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
+ ret->options |= SSL_OP_NO_TICKET;
+
 #endif
 #ifndef OPENSSL_NO_PSK
 ret->psk_identity_hint=NULL; |
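Review bot: The RNG-failure path in the block added to SSL_CTX_new leaves the ticket keys in an undefined state and protects them only with an option bit. Because the `||` chain short-circuits, a failing `RAND_pseudo_bytes` call means `tlsext_tick_hmac_key` and `tlsext_tick_aes_key` are never filled, and the only thing keeping them out of use is `SSL_OP_NO_TICKET` in `ret->options`, which an application can presumably change later. I would state that invariant next to the check, e.g. `/* RNG failure: ticket keys are not valid, tickets must stay disabled for this ctx */`, and replace each literal `16` with `sizeof(ret->tlsext_tick_key_name)` and its siblings, assuming these fields are fixed-size arrays (their declarations are outside this diff). The comment should also say that the keys are generated once per SSL_CTX with no rotation visible here, since one ticket key protects every session resumed under it; SSL_CTX_new's body starts and ends outside the hunk.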