From 9d0a8bb71e3e411e9183e635122f17c1429c4116 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Wed, 31 Jan 2018 17:26:46 +0000
Subject: Enable the ability to set the number of TLSv1.3 session tickets sent

We send a session ticket automatically in TLSv1.3 at the end of the handshake. This commit provides the ability to set how many tickets should be sent. By default this is one.

Fixes #4978

Reviewed-by: Viktor Dukhovni
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/5227)
---
 ssl/ssl_lib.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
(limited to 'ssl/ssl_lib.c')
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 41574c4bf2..2c29d7f61c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -699,6 +699,7 @@ SSL *SSL_new(SSL_CTX *ctx)
 s->mode = ctx->mode;
 s->max_cert_list = ctx->max_cert_list;
 s->max_early_data = ctx->max_early_data;
+ s->num_tickets = ctx->num_tickets;
 /* Shallow copy of the ciphersuites stack */
 s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
@@ -3033,6 +3034,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 */
 ret->max_early_data = 0;
+ /* By default we send one session ticket automatically in TLSv1.3 */
+ ret->num_tickets = 1;
+
 ssl_ctx_system_config(ret);
 return ret;
@@ -4314,6 +4318,30 @@ int SSL_set_block_padding(SSL *ssl, size_t block_size)
 return 1;
 }
+int SSL_set_num_tickets(SSL *s, size_t num_tickets)
+{
+ s->num_tickets = num_tickets;
+
+ return 1;
+}
+
+size_t SSL_get_num_tickets(SSL *s)
+{
+ return s->num_tickets;
+}
+
+int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
+{
+ ctx->num_tickets = num_tickets;
+
+ return 1;
+}
+
+size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx)
+{
+ return ctx->num_tickets;
+}
+
 /*
 * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
 * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
-- 
cgit v1.2.3
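Review bot: SSL_set_num_tickets() and SSL_CTX_set_num_tickets() in the third hunk store any size_t without a range check and always return 1, so an accidental or config-driven extreme value is accepted silently and the return code can never report a rejected setting. Because this value sets how many tickets a server issues per TLSv1.3 handshake, an oversized setting multiplies per-connection work (and presumably session-cache entries where tickets are stateful, which is not visible here), so consider refusing values above a documented ceiling, e.g. `if (num_tickets > MAX_NUM_TICKETS_PLACEHOLDER) return 0;`. The hunk also leaves the meaning of 0 unstated; if it is meant to disable automatic tickets, say so with a comment such as `/* 0 means no tickets are sent automatically after the handshake */`. The two getters only read the field, so `const SSL *s` and `const SSL_CTX *ctx` would be the tighter parameter types.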